Page 38 of 230 results (0.006 seconds)

CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0

Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. Xen v4.0.2 hasta v4.0.4, v4.1.x, y v4.2.x permite a los usuarios locales PV invitados causar una denegación de servicio (caída del hipervisor) mediante ciertas combinaciones de bits de la instrucción XSETBV. • http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2014/dsa-3006 http://www.openwall.com/lists/oss-security/2013/06/03/3 http://www.securitytracker.com/id/1028613 • CWE-20: Improper Input Validation •

CVSS: 1.9EPSS: 0%CPEs: 13EXPL: 0

Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection) via unspecified vectors. Xen 4.x, cuando utiliza Intel VT-d para un bus capaz de dominar un dispositivo PCI, no comprueba correctamente la fuente de acceso a una interrupción de entradas en la tabla de resignación para MSI de dispositivo puente, lo que permite que los dominios locales de clientes puedan causar una denegación de servicio (inyección de interrupción) a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://osvdb.org/92984 http://secunia.com/advisories/53312 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2013/dsa-2666 http://www.openwall.com/lists/oss-security/2013/05/02/9 http://www.securityfocus.com/bid/59617 https://exchange.xforce.ibmcloud.com&#x • CWE-20: Improper Input Validation •

CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0

Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." Determinadas operaciones de manipulación de tablas en Xen 4.1.x, 4.2.x y anteriores, permite a kernels PV locales provocar una denegación de servicio a través de vectores relacionados con "deep page table traversal." • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://secunia.com/advisories/53187 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2013/dsa-2666 http://www.openwall.com/lists/oss-security/2013/05/02/8 http://www.securityfocus.com/bid/59615 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 0

Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. Xen versiones 4.0.x y 4.1.x, libera incorrectamente una referencia de concesión al liberar una concesión sin-v1, sin transmitir, que permite a los administradores invitados locales causar una denegación de servicio (bloqueo del host), obtener información, o posiblemente tener otros impactos por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2013/dsa-2666 http://www.openwall.com/lists/oss-security/2013/04/18/9 http://www.securityfocus.com/bid/59293 http://www.securitytracker.com/id/1028459 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 1.9EPSS: 0%CPEs: 27EXPL: 0

Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. Xen 3.1 a la 4.x, cuando ejecuta hosts con arquitectura de 64 bits en CPUs Intel, no limpia la bandera NT cuan emplea una IRET después de una instrucción SYSENTER, lo que permite a usuarios PV provocar una denegación de servicio (caída del hypervisor) provocando un fallo #GP que no está manejado adecuadamente por otra instrucción IRET. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2012/dsa-2 • CWE-20: Improper Input Validation •