
CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB.
• References:
  http://www.openwall.com/lists/oss-security/2014/05/14/4
  http://www.openwall.com/lists/oss-security/2014/05/15/6
  http://www.openwall.com/lists/oss-security/2014/05/16/1
  http://www.securitytracker.com/id/1030252
  http://xenbits.xen.org/xsa/advisory-95.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 1.9 • EPSS: 0% • CPEs: 2 • EXPL: 0

Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel.
• References:
  http://www.openwall.com/lists/oss-security/2014/05/14/4
  http://www.openwall.com/lists/oss-security/2014/05/15/6
  http://www.openwall.com/lists/oss-security/2014/05/16/1
  http://www.securitytracker.com/id/1030252
  http://xenbits.xen.org/xsa/advisory-95.html
• CWE-20: Improper Input Validation

CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which triggers a buffer overflow.
• References:
  http://www.openwall.com/lists/oss-security/2014/05/14/4
  http://www.openwall.com/lists/oss-security/2014/05/15/6
  http://www.openwall.com/lists/oss-security/2014/05/16/1
  http://www.securitytracker.com/id/1030252
  http://xenbits.xen.org/xsa/advisory-95.html
• CWE-20: Improper Input Validation

CVSS: 6.7 • EPSS: 0% • CPEs: 15 • EXPL: 0

The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types.
• References:
  http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133148.html
  http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133191.html
  http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
  http://security.gentoo.org/glsa/glsa-201407-03.xml
  http://www.debian.org/security/2014/dsa-3006
  http://www.openwall.com/lists/oss-security/2014/04/29/1
  http://www.openwall.com/lists/oss-security/2014/04/30/10
  http://www.securityfocus.com/bid/67113&#
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.
• References:
  http://secunia.com/advisories/58347
  http://www.openwall.com/lists/oss-security/2014/04/30/11
  http://www.openwall.com/lists/oss-security/2014/04/30/5
  http://www.securityfocus.com/bid/67157
  http://www.securitytracker.com/id/1030184
  http://xenbits.xen.org/xsa/advisory-91.html
• CWE-264: Permissions, Privileges, and Access Controls