Page 28 of 176 results (0.023 seconds)

CVSS: 2.7EPSS: 0%CPEs: 24EXPL: 0

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Xen 3.2.x hasta 4.4.x no limpia debidamente las páginas de memoria recuperadas de invitados, lo que permite a usuarios locales del sistema operativo invitado obtener información sensible a través de vectores no especificados. It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself. • http://linux.oracle.com/errata/ELSA-2014-0926-1.html http://linux.oracle.com/errata/ELSA-2014-0926.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html http://secunia.com/advisories/59208 http://secunia.com/advisories/60027 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') •

CVSS: 5.2EPSS: 0%CPEs: 24EXPL: 0

Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. Múltiples desbordamientos de enteros en las suboperaciones (1) FLASK_GETBOOL y (2) FLASK_SETBOOL en la hiperllamada flask hypercall en Xen 4.1.x, 3.3.x, 3.2.x y anteriores, cuando XSM está habilitado, permiten a usuarios locales causar una denegación de servicio (fallo de procesador) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-1891, CVE-2014-1892 y CVE-2014-1894. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists/oss-security/2014/02/07/12 http://www.openwall.com/lists/oss-security/2014/02/07/4 http://www.openwall.com/lists/oss-security/2014/02/10/8 http://xenbits.xen.org/xsa&#x • CWE-189: Numeric Errors •

CVSS: 5.2EPSS: 0%CPEs: 9EXPL: 0

Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. Múltiples desbordamientos de enteros en suboperaciones no especificadas en la hiperllamada flask en Xen 3.2.x y anteriores, cuando XSM está habilitada, permiten a usuarios locales causar una denegación de servicio (fallo de procesador) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-1891, CVE-2014-1892 y CVE-2014-1893. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists/oss-security/2014/02/07/12 http://www.openwall.com/lists/oss-security/2014/02/07/4 http://www.openwall.com/lists/oss-security/2014/02/10/8 http://xenbits.xen.org/xsa&#x • CWE-189: Numeric Errors •

CVSS: 5.2EPSS: 0%CPEs: 25EXPL: 0

Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. Múltiples desbordamiento de enteros en las suboperaciones (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER y (4) FLASK_CONTEXT_TO_SID en la hiperllamada flask en Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x y anteriores, cuando XSM está habilitado, permiten a usuarios locales causar una denegación de servicio (fallo de procesador) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-1892, CVE-2014-1893 y CVE-2014-1894. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists/oss-security/2014/02/07/12 http://www.openwall.com/lists/oss-security/2014/02/07/4 http://www.openwall.com/lists/oss-security/2014/02/10/8 http://xenbits.xen.org/xsa&#x • CWE-189: Numeric Errors •

CVSS: 6.0EPSS: 0%CPEs: 34EXPL: 0

Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. Xen 3.0.3 a 4.1.x (posiblemente 4.1.6.1), 4.2.x (posiblemente 4.2.3), y 4.3.x (posiblemente 4.3.1) no previene correctamente acceso a hypercalls, lo cual permite a usuarios invitados locales obtener privilegios a través de la ejecución de una aplicación manipulada en el anillo 1 o el anillo 2. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00059.html http://rhn.redhat.com/errata/RHSA-2014-0285.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.openwall.com/lists&# • CWE-264: Permissions, Privileges, and Access Controls •