CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0218 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-0218
03 Dec 2012 — Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen. Xen v3.4, v4.0 y v4.1, cuando en el sistema operativo huésped no se ha registrado un controlador para una instrucción syscall o sysenter, no limpia c... • http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-2934 – kernel: denial of service due to AMD Erratum #121
https://notcve.org/view.php?id=CVE-2012-2934
03 Dec 2012 — Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217. Xen v4.0 y v4.1, cuando se ejecuta un cliente PV de 64-bit en CPUs AMD "antiguas", no protege adecuadamente contra un determiando fallo del procesador AMD, lo que permite a usuarios de... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2012-3432 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3432
03 Dec 2012 — The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions. La función handle_mmio en arch/x86/hvm/io.c en el emulador de operaciones MMIO para Xen v3.3 y v4.x, cuando se ejecuta un HVM huesped, no reinicia correctamente la información de estado ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4538 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-4538
24 Nov 2012 — The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors. La llamada HVMOP_pagetable_dying en Xen v4.0, v4.1, y v4.2 no comprueba correctamente el estado "pagetable" cuando se ejecuta en "shadow pagetables", lo que permite a un sistema operativo HVM de invitado causar una denegación de servicio (caída del hipervisor) a tr... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3433 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3433
24 Nov 2012 — Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown. Xen v4.0 y v4.1 permite a los kernels OS locales HVM de invitado causar una denegación de servicio (cuelgue de dominio 0 VCPU y "kernel panic") mediante la modificación del espacio de direcciones físicas de una forma que provoca exceso de tiempo de búsqueda de página compa... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3516
https://notcve.org/view.php?id=CVE-2012-3516
23 Nov 2012 — The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. La sub-operación GNTTABOP_swap_grant_ref en el "grant table hypercall" en Xen v4.2 y Citrix XenServer v6.0.2 permite a los kernels locales de invitado o administradores causar una denegación ... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2012-4411 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-4411
23 Nov 2012 — The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. La consola gráfica en Xen v4.0, v4.1 yv 4.2 permite a los administradores del SO invitado obtener información sensible a través del monitor QEMU. NOTA: este podría ser un duplicado de CVE-2007-0.998. Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitra... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6030 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6030
23 Nov 2012 — The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_op en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 permiten a ... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6031 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6031
23 Nov 2012 — The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. La función do_tmem_get en el Transcendent Memory (TMEM) en Xen v4.0, v4.1, y v4.2 permiten a los usuarios del SO i... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-6032 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-6032
23 Nov 2012 — Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. Múltiples desbordamientos de enteros en las funciones (1) tmh_copy_from_client y (2) tmh_copy_to... • http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.html • CWE-189: Numeric Errors •