CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6416 – Security: vulnerability of copy_to_user in PAL emulation
https://notcve.org/view.php?id=CVE-2007-6416
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations. La función copy_to_user en la funcionalidad del emulador PAL para Xen 3.1.2 y anteriores, cuando funciona sobre sistemas ia64, permite a un usuario invitado HVM acceder a la memoria física de su elección a través de un disparo de ciertas operaciones de mapeo. • http://osvdb.org/41344 http://secunia.com/advisories/28146 http://secunia.com/advisories/28643 http://www.redhat.com/support/errata/RHSA-2008-0089.html http://www.securityfocus.com/bid/26954 http://xenbits.xensource.com/ext/ia64/xen-unstable.hg?rev/e6069a715fd7 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9840 https://access.redhat.com/security/cve/CVE-2007-6416 https://bugzilla.redhat.com/show_bug.cgi?id=425381 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6207 – Security: some HVM domain can access another domain memory.
https://notcve.org/view.php?id=CVE-2007-6207
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. Xen 3.x, posiblemente versiones anteriores a 3.1.2, ejecutándose en sistemas IA64, no comprueba el valor RID de mov_to_rr, lo cual permite a un dominio VTi leer memoria de otros dominios. • http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html http://lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html http://osvdb.org/41341 http://secunia.com/advisories/27915 http://secunia.com/advisories/29236 http://www.redhat.com/support/errata/RHSA-2008-0154.html http://www.securityfocus.com/bid/26716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9471 https://access.redhat.com/security/cve/CVE-200 • CWE-20: Improper Input Validation •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5906
https://notcve.org/view.php?id=CVE-2007-5906
Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. El Xen 3.1.1 permite a usuarios invitados virtuales provocar una denegación de servicio (caída del hypervisor) mediante el uso de un registro de depuración (DR7) para establecer ciertos puntos de ruptura. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html http://secunia.com/advisories/28405 http://secunia.com/advisories/28412 http://secunia.com/advisories/28636 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.securityfocus.com/bid/27219 •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5907 – kernel-xen 3.1.1 does not prevent modification of the CR4 TSC from applications (DoS possible)
https://notcve.org/view.php?id=CVE-2007-5907
Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). El Xen 3.1.1 no previene la modificación del CR4 TSC para aplicaciones, lo que permite a invitados pv provocar una denegación de servicio (caída). • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html http://secunia.com/advisories/28405 http://secunia.com/advisories/28412 http://secunia.com/advisories/28636 http://secunia.com/advisories/32485 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.redhat.com/support/errata/RHSA-2008-0957.html http://www.securityfocus.com/bid/27219 https://oval. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.0EPSS: 0%CPEs: 14EXPL: 0CVE-2007-3919 – xen xenmon.py / xenbaked insecure temporary file accesss
https://notcve.org/view.php?id=CVE-2007-3919
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. El (1) xenbaked y el (2) xenmon.py en el Xen 3.1 y versiones anteriores permite a usuarios locales truncar ficheros de su elección a través de un ataque de enlaces simbólicos en el /tmp/xenq-shm. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795 http://osvdb.org/41342 http://osvdb.org/41343 http://secunia.com/advisories/27389 http://secunia.com/advisories/27408 http://secunia.com/advisories/27486 http://secunia.com/advisories/27497 http://secunia.com/advisories/29963 http://www.debian.org/security/2007/dsa-1395 http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securit • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •