CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1918
https://notcve.org/view.php?id=CVE-2013-1918
Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table traversal." Determinadas operaciones de manipulación de tablas en Xen 4.1.x, 4.2.x y anteriores, permite a kernels PV locales provocar una denegación de servicio a través de vectores relacionados con "deep page table traversal." • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105533.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://secunia.com/advisories/53187 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2013/dsa-2666 http://www.openwall.com/lists/oss-security/2013/05/02/8 http://www.securityfocus.com/bid/59615 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 0CVE-2013-1964
https://notcve.org/view.php?id=CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors. Xen versiones 4.0.x y 4.1.x, libera incorrectamente una referencia de concesión al liberar una concesión sin-v1, sin transmitir, que permite a los administradores invitados locales causar una denegación de servicio (bloqueo del host), obtener información, o posiblemente tener otros impactos por medio de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2013/dsa-2666 http://www.openwall.com/lists/oss-security/2013/04/18/9 http://www.securityfocus.com/bid/59293 http://www.securitytracker.com/id/1028459 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.9EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1917
https://notcve.org/view.php?id=CVE-2013-1917
Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction. Xen 3.1 a la 4.x, cuando ejecuta hosts con arquitectura de 64 bits en CPUs Intel, no limpia la bandera NT cuan emplea una IRET después de una instrucción SYSENTER, lo que permite a usuarios PV provocar una denegación de servicio (caída del hypervisor) provocando un fallo #GP que no está manejado adecuadamente por otra instrucción IRET. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2012/dsa-2 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2013-1919
https://notcve.org/view.php?id=CVE-2013-1919
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices." Xen 4.2.x y 4.1.x no restringe adecuadamente el acceso a las IRQs, lo que permite a clientes locales del subdominio obtener acceso a IRQs y provocar una denegación de servicio a través de vectores relacionados con "dispositivos PCI o passed-through IRQs". • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104537.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104538.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/glsa-201309-24.xml http://www.debian.org/security/2013/dsa-2662 http://www.openwall.com/lists/oss-security/2013/04/18/6 htt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 29EXPL: 0CVE-2013-1920
https://notcve.org/view.php?id=CVE-2013-1920
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. Xen v4.2.x, v4.1.x, y anteriores, cuando el hypervisor se está ejecutando "bajo presión de memoria" y el Módulo de Seguridad Xen (XSM) está activado, usa un orden de operaciones incorrecto cuando se extiende la tabla de seguimiento del canal de eventos por dominio, lo que ocasiona una vulnerabilidad de uso después de liberación y permite inyectar eventos de su elección a los núcleos locales de clientes y obtener privilegios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00049.html http://lists.xen.org/archives/html/xen-announce/2013-04/msg00000.html http://osvdb.org/92050 http://secunia.com/advisories/52857 http://secunia.com/advisories/55082 http://security.gentoo.org/glsa/gls • CWE-264: Permissions, Privileges, and Access Controls •