Page 34 of 179 results (0.017 seconds)

CVSS: 2.7EPSS: 0%CPEs: 16EXPL: 0

The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. El driver backend en Xen v3.x permite a usuarios del OS causar una denegación de servicio a través de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado OS sean apagados o se cree un dominio zombie, causando una caída en zenwatch, o impida que comandos sin especificar xm trabajen de forma adecuada, relacionado con (1) netback, (2) blkback, o (3) blktap. • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html http://secunia.com/advisories/42372 http://secunia.com/advisories/42789 http://secunia.com/advisories/43056 http://secunia.com/advisories/46397 http://www.redhat.com/support/errata/RHSA-2011-0004.html http://www.securityfocus.com/archive/1/520102/100/0/threaded http://www.securityfocus.com/bid/45039 http://www.securitytracker.com/id?1024786 http://www.vmware.com/security/advisories/VMSA-2011-0012.html ht • CWE-399: Resource Management Errors •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 5

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. El pyGrub en Xen v3.0.3, v3.3.0, y Xen-3.3.1 no soporta la opción password en grub.conf para las invitaciones "para-virtualized", lo que permite a atacantes con acceso a la consola invitada para-virtualized iniciar la invitación o modificar los parámetros de arranque del kernel del invitado sin proporcionar el password esperado. • https://www.exploit-db.com/exploits/33255 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://secunia.com/advisories/36908 http://www.openwall.com/lists/oss-security/2009/09/25/1 http://www.redhat.com/support/errata/RHSA-2009-1472.html http://www.securityfocus.com/bid/36523 http://www.securitytracker.com/id?1022950 http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3 https://bugzilla.redhat.com/show_bug.cgi?id=525740 https://bugzilla&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1

The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." La función hypervisor_callback en Xen, posiblemente anteriores a v3.4.0, como la que se aplica al kernel de linux v2.6.30-rc4, 2.6.18 y posiblemente otroas versiones permiten a aplicaciones del usuario guess provocar una denegación de servicio (kernel opps) en el sistema invitado mediante cuando se provoca un fallo de segmentación en "determinados rangos de direcciones". • http://lists.xensource.com/archives/html/xen-devel/2009-05/msg00561.html http://secunia.com/advisories/35093 http://secunia.com/advisories/35298 http://www.debian.org/security/2009/dsa-1809 http://www.openwall.com/lists/oss-security/2009/05/14/2 http://www.securityfocus.com/bid/34957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10313 https://access.redhat.com/security/cve/CVE-2009-1758 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-399: Resource Management Errors •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. qemu-dm.debug en Xen v3.2.1 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico al fichero temporal /tmp/args. • http://bugs.debian.org/496367 http://dev.gentoo.org/~rbu/security/debiantemp/xen-utils-3.2-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.redhat.com/support/errata/RHSA-2009-0003.html https://bugs.gentoo.org/show_bug.cgi?id=235770 https://bugs.gentoo.org/show_bug.cgi?id=235805 https://exchange.xforce.ibmcloud.com/vulnerabilities/46545 https://oval.cisecurity.org/repository/search&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. libvirt v0.3.3 se basa en ficheros localizados bajo subdirectorios de /local/domain en xenstore a pesar de la falta de protección contra modificaciones introducida por Xen en máquinas virtuales invitado, lo cual permite a usuarios del sistema operativo (SO) huésped tener un impacto desconocido, como lo demostrado mediante la escritura en (1) consola de texto (console/tty) o (2) el puerto VNC para el gráfico framebuffer. • https://www.exploit-db.com/exploits/32446 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html http://openwall.com/lists/oss-security/2008/09/30/6 http://secunia.com/advisories/32064 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/04/3 http&# • CWE-264: Permissions, Privileges, and Access Controls •