Page 50 of 468 results (0.002 seconds)

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-8905

https://notcve.org/view.php?id=CVE-2017-8905

Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. Xen hasta la versión 4.6.x para plataformas de 64 bits maneja una llamada de seguridad, lo que podría permitir a los usuarios del sistema operativo huésped PV ejecutar código arbitrario en el sistema anfitrión, también conocido como XSA-215. • http://www.securityfocus.com/bid/98436 http://www.securitytracker.com/id/1038388 https://blog.xenproject.org/2017/05/02/updates-on-xsa-213-xsa-214-and-xsa-215 https://security.gentoo.org/glsa/201705-11 https://xenbits.xen.org/xsa/advisory-215.html • CWE-682: Incorrect Calculation •

CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-7995

https://notcve.org/view.php?id=CVE-2017-7995

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Xen PV guest anterior a Xen 4.3 chequea los permisos de acceso a los rangos MMIO sólo después de acceder a ellos, lo que permite leer en un dispositivo de memoria PCI, dando lugar a la divulgación de información. Se trata de un error en la función get_user. • http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00005.html http://www.securityfocus.com/bid/98314 https://bugzilla.suse.com/show_bug.cgi?id=1033948 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-7228 – Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout

https://notcve.org/view.php?id=CVE-2017-7228

An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. Un problema (conocido como XSA-212) ha sido descubierto en Xen, con arreglos disponibles para 4.8.x, 4.7.x, 4.6.x, 4.5.x, y 4.4.x. La anterior corrección XSA-29 introdujo una comprobación insuficiente en la entrada XENMEM_exchange, dando permiso a la persona que llama para conducir accesos de memoria de hipervisor fuera de las matrices de entrada/salida proporcionadas por el huésped. Xen suffers from a broken check in memory_exchange() that permits a PV guest breakout. • https://www.exploit-db.com/exploits/41870 http://openwall.com/lists/oss-security/2017/04/04/3 http://www.debian.org/security/2017/dsa-3847 http://www.securityfocus.com/bid/97375 http://www.securitytracker.com/id/1038223 http://xenbits.xen.org/xsa/advisory-212.html https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-029-2017.txt https://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html • CWE-129: Improper Validation of Array Index •

CVSS: 9.9EPSS: 0%CPEs: 32EXPL: 0

CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

https://notcve.org/view.php?id=CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un problema de acceso fuera de límites. El problema puede ocurrir al copiar datos VGA en cirrus_bitblt_cputovideo. • http://rhn.redhat.com/errata/RHSA-2017-0328.html http://rhn.redhat.com/errata/RHSA-2017-0329.html http://rhn.redhat.com/errata/RHSA-2017-0330.html http://rhn.redhat.com/errata/RHSA-2017-0331.html http://rhn.redhat.com/errata/RHSA-2017-0332.html http://rhn.redhat.com/errata/RHSA-2017-0333.html http://rhn.redhat.com/errata/RHSA-2017-0334.html http://rhn.redhat.com/errata/RHSA-2017-0350.html http://rhn.redhat.com/errata/RHSA-2017-0351.html http://rhn • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 29EXPL: 0

CVE-2017-2615 – Qemu: display: cirrus: oob access while doing bitblt copy backward mode

https://notcve.org/view.php?id=CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. Quick emulator (QEMU) con soporte integrado para el emulador Cirrus CLGD 54xx VGA es vulnerable a un problema de acceso fuera de límites. Podría ocurrir mientras se copian datos VGA mediante la copia bitblt en modo backward. • http://rhn.redhat.com/errata/RHSA-2017-0309.html http://rhn.redhat.com/errata/RHSA-2017-0328.html http://rhn.redhat.com/errata/RHSA-2017-0329.html http://rhn.redhat.com/errata/RHSA-2017-0330.html http://rhn.redhat.com/errata/RHSA-2017-0331.html http://rhn.redhat.com/errata/RHSA-2017-0332.html http://rhn.redhat.com/errata/RHSA-2017-0333.html http://rhn.redhat.com/errata/RHSA-2017-0334.html http://rhn.redhat.com/errata/RHSA-2017-0344.html http://rhn • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •