Page 45 of 342 results (0.006 seconds)

CVSS: 2.1EPSS: 0%CPEs: 38EXPL: 0

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. La hiperllamada HYPERVISOR_xen_version en Xen 3.2.x hasta 4.5.x ni inicializa correctamente las estructuras de datos, lo que permite a usuarios locales invitados obtener información sensible a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.securityfocus.com/bid/72955 http://www.securitytracker.com/id/1031806 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 0

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. El emulador x86 en Xen 3.2.x hasta 4.5.x no ignora correctamente las anulaciones de segmentos para instrucciones con operandos del registro, lo que permite a usuarios locales invitados obtener información sensible, causar una denegación de servicio (corrupción de memoria), o posiblemente ejecutar código arbitrario a través de vectores no especificados. It was found that the Xen hypervisor x86 CPU emulator implementation did not correctly handle certain instructions with segment overrides, potentially resulting in a memory corruption. A malicious guest user could use this flaw to read arbitrary data relating to other guests, cause a denial of service on the host, or potentially escalate their privileges on the host. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.oracle.com/technetwork/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 34EXPL: 0

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. Las rutinas de emulación para dispositivos X86 no especificados en Xen 3.2.x hasta 4.5.x no inicializa correctamente los datos, lo que permite a usuarios locales invitados HVM obtener información sensible a través de vectores que involucran un tamaño de acceso no soportado. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152483.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152588.html http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00014.html http://support.citrix.com/article/CTX200484 http://www.debian.org/security/2015/dsa-3181 http://www.securityfocus.com/bid/72954 http://www.securitytracker.com/id/1031806 http://www. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register. La función vgic_v2_to_sgi en arch/arm/vgic-v2.c en Xen 4.5.x, cuando funciona en el hardware ARM con General Interrupt Controller (GIC) version 2, permite a usuarios locales invitados causar una denegación de servicio (caída del anfitrión) mediante la escritura de un valor inválido en el registro GICD.SGIR. • http://www.securityfocus.com/bid/72591 http://www.securitytracker.com/id/1031746 http://xenbits.xen.org/xsa/advisory-117.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100868 • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 23EXPL: 0

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. La virtualización del distribuidor ARM GIC en Xen 4.4.x y 4.5.x permite a invitados locales causar una denegación de servicio mediante la provocación del registro un número grande de mensajes. • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152776.html http://www.openwall.com/lists/oss-security/2015/01/29/9 http://www.securityfocus.com/bid/72766 http://www.securitytracker.com/id/1031663 http://xenbits.xen.org/xsa/advisory-118.html • CWE-399: Resource Management Errors •