Page 9 of 49 results (0.007 seconds)

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. La sub-operación GNTTABOP_swap_grant_ref en el "grant table hypercall" en Xen v4.2 y Citrix XenServer v6.0.2 permite a los kernels locales de invitado o administradores causar una denegación de servicio (caída del host) y, posiblemente, obtener privilegios a través de una referencia manipulada que genera una escritura en una ubicación en memoria del hipervisor • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://secunia.com/advisories/50472 http://secunia.com/advisories/50530 http://support.citrix.com/article/CTX134708 http://wiki.xen.org/wiki/Security_Announcements#XSA-18_grant_table_entry_swaps_have_inadequate_bounds_checking http://www.openwall.com/lists/oss-security/2012/09/05/11 http://www.securityfocus.com/bid/55411 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. La hypercall physdev_get_free_pirq en arch/x86/physdev.c en Xen v4.1.x y Citrix XenServer v6.0.2 y anteriores utiliza el valor devuelto por la función get_free_pirq como un índice de la matriz sin comprobar que el valor de retorno indica un error, permitiendo a los huéspedes del OS invitado causar una denegación de servicio (escritura de memoria no válidas y caída del host) y, posiblemente, obtener privilegios a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html http://lists.xen.org/archives/html/xen-announce/2012-09/msg00001.html http://secunia.com/advisories/51413 http://secunia.com&#x • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. Citrix XenServer versiones 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0 y 5.0 Update 3, contiene una vulnerabilidad de Escalada de Privilegios Locales que podría permitir a usuarios locales con acceso a un sistema operativo invitado alcanzar privilegios elevados. • http://www.securityfocus.com/bid/55432 • CWE-269: Improper Privilege Management •

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. XENMEM_populate_physmap en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando el modo de traducción de página no se utiliza, permite a los kernels locales PV del SO invitado causar una denegación de servicio (caída del host) a través flags inválidos como MEMF_populate_on_demand. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-11 • CWE-16: Configuration •

CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. La hiperllamada et_debugreg en include/asm-x86/debugreg.h en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando se ejecuta sobre systemas x86-64, permite a usuarios locales del SO invitado generar una denegación de servicio (caída del host) mediante la escritura de ciertos bits reservados para el registro de control DR • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-09 • CWE-264: Permissions, Privileges, and Access Controls •