Page 31 of 179 results (0.006 seconds)

CVSS: 2.1EPSS: 0%CPEs: 23EXPL: 0

CVE-2013-4361

https://notcve.org/view.php?id=CVE-2013-4361

The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by reading the values used by the instruction. La emulación de la instrucción fbld en Xen 3.3.x a 4.3.x no usa la variable correcta para la dirección de origen efectiva, lo cual permite a invitados HVM locales obtener información de la pila del hypervisor mediante la lectura de valores usados por la instrucción. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/09/30/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.3EPSS: 0%CPEs: 33EXPL: 0

CVE-2013-4355 – Kernel: Xen: Xsa-63: information leak via I/O instruction emulation

https://notcve.org/view.php?id=CVE-2013-4355

Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory. Xen v4.3.x y anterior no maneja correctamente ciertos errores, lo que permite a invitados locales HVM conseguir la memoria de la pila del hypervisor a través de un puerto o escritura de memoria mapeada de I/O u otra operación no especificada relacionada con direcciones sin memoria asociada. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-11/msg00009.html http://rhn.redhat.com/errata/RHSA-2013-1790.html http://security.gentoo.org/glsa/glsa-201407-03.xml http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.7EPSS: 0%CPEs: 23EXPL: 0

CVE-2013-2212

https://notcve.org/view.php?id=CVE-2013-2212

The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range. La función vmx_set_uc_mode en Xen 3.3 hasta la versión 4.3, al deshabilitar cachés, permite a invitados HVM locales con a las regiones I/O asignadas a la memoria provocar una denegación de servicio (consumo de CPU y posiblemente pánico de hypervisor o de kérnel invitado) a través de un rango GFN manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://www.openwall.com/lists/oss-security/2013/07/24/6 https://security.gentoo.org/glsa/201504-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.7EPSS: 0%CPEs: 25EXPL: 0

CVE-2013-3495

https://notcve.org/view.php?id=CVE-2013-3495

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). El motor Intel VT-d Interrupt Remapping en Xen 3.3.x a la 4.3.x permite a invitados (guest) locales provocar una denegación de servicio (kernel panic) a través de un Message Signaled Interrupt (MSI) mal formado desde un dispositivo PCI que es capaz de provocar un System Error Reporting (SERR) Non-Maskable Interrupt (NMI). • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://osvdb.org/96438 http://secunia.com/advisories/54341 http://www.openwall.com/lists/oss-security/2013/08/20/8 http://www.securityfocus.com/bid/61854 http://www.securitytracker.com/id/1028931 https://security.gentoo.org/glsa/201504-04 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0

CVE-2013-2195

https://notcve.org/view.php?id=CVE-2013-2195

The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. El analizador ELF (libelf) in Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado, en relación con "desreferencia de puntero" que involucran cálculos inesperados. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://support.citrix.com/article/CTX138058 http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/06/20/2 http://www.openwall.com/ • CWE-189: Numeric Errors •