CVSS: 4.7EPSS: 0%CPEs: 25EXPL: 0CVE-2013-3495
https://notcve.org/view.php?id=CVE-2013-3495
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). El motor Intel VT-d Interrupt Remapping en Xen 3.3.x a la 4.3.x permite a invitados (guest) locales provocar una denegación de servicio (kernel panic) a través de un Message Signaled Interrupt (MSI) mal formado desde un dispositivo PCI que es capaz de provocar un System Error Reporting (SERR) Non-Maskable Interrupt (NMI). • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00010.html http://osvdb.org/96438 http://secunia.com/advisories/54341 http://www.openwall.com/lists/oss-security/2013/08/20/8 http://www.securityfocus.com/bid/61854 http://www.securitytracker.com/id/1028931 https://security.gentoo.org/glsa/201504-04 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2194
https://notcve.org/view.php?id=CVE-2013-2194
Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel. Múltiples desbordamientos de enteros en el analizador ELF (libelf) en Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://support.citrix.com/article/CTX138058 http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/06/20/2 http://www.openwall.com/ • CWE-189: Numeric Errors •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2195
https://notcve.org/view.php?id=CVE-2013-2195
The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. El analizador ELF (libelf) in Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado, en relación con "desreferencia de puntero" que involucran cálculos inesperados. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://support.citrix.com/article/CTX138058 http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/06/20/2 http://www.openwall.com/ • CWE-189: Numeric Errors •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2196
https://notcve.org/view.php?id=CVE-2013-2196
Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. Múltiples vulnerabilidades no especificadas en Elf parser (libelf) en Xen v4.2.x y anteriores permite a los administradores invitados locales con ciertos permisos, tener un impacto no especificado a través de un kernel hecho manipulado, en relación con "otros problemas" que no son CVE-2013-2194 o CVE-2013-2195. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://support.citrix.com/article/CTX138058 http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/06/20/2 http://www.openwall.com/ •
CVSS: 1.9EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1917
https://notcve.org/view.php?id=CVE-2013-1917
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. Xen 3.1 a la 4.x, cuando ejecuta hosts con arquitectura de 64 bits en CPUs Intel, no limpia la bandera NT cuan emplea una IRET después de una instrucción SYSENTER, lo que permite a usuarios PV provocar una denegación de servicio (caída del hypervisor) provocando un fallo #GP que no está manejado adecuadamente por otra instrucción IRET. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2012/dsa-2 • CWE-20: Improper Input Validation •