Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2337-1
HistoryNov 06, 2011 - 12:00 a.m.

xen - several vulnerabilities

2011-11-0600:00:00
Google
osv.dev
8

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

JSON

Several vulnerabilities were discovered in the Xen virtual machine
hypervisor.

  • CVE-2011-1166
    A 64-bit guest can get one of its vCPUs into non-kernel
    mode without first providing a valid non-kernel pagetable,
    thereby locking up the host system.
  • CVE-2011-1583, CVE-2011-3262
    Local users can cause a denial of service and possibly execute
    arbitrary code via a crafted paravirtualised guest kernel image.
  • CVE-2011-1898
    When using PCI passthrough on Intel VT-d chipsets that do not
    have interrupt remapping, guest OS users can gain host OS
    privileges by writing to the interrupt injection registers.

The oldstable distribution (lenny) contains a different version of Xen
not affected by these problems.

For the stable distribution (squeeze), this problem has been fixed in
version 4.0.1-4.

For the testing (wheezy) and unstable distribution (sid), this problem
has been fixed in version 4.1.1-1.

We recommend that you upgrade your xen packages.

CPENameOperatorVersion
xeneq4.0.1-2

Related

securityvulns 1
openvas 45
nessus 36
debian 1
oraclelinux 7
redhat 5
centos 3
fedora 8
veracode 4
prion 4
ubuntucve 4
debiancve 4
cve 4
suse 4
altlinux 2
vmware 2
gentoo 1
securityvulns
securityvulns
Xen multiple security vulnerabilities
2011-11-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 2337-1 (xen)
2012-02-11 00:00:00
Debian: Security Advisory (DSA-2337-1)
2012-02-11 00:00:00
Oracle: Security Advisory (ELSA-2011-0496)
2015-10-06 00:00:00
nessus
nessus
Debian DSA-2337-1 : xen - several vulnerabilities
2011-11-07 00:00:00
Oracle Linux 5 : xen (ELSA-2011-0496)
2013-07-12 00:00:00
RHEL 5 : xen (RHSA-2011:0496)
2011-05-10 00:00:00
debian
debian
[SECURITY] [DSA 2337-1] xen security update
2011-11-06 08:21:43
oraclelinux
oraclelinux
xen security update
2011-05-09 00:00:00
kernel security, bug fix, and enhancement update
2011-11-29 00:00:00
Unbreakable Enterprise kernel security and bug fix update
2011-08-24 00:00:00
redhat
redhat
(RHSA-2011:0496) Important: xen security update
2011-05-09 00:00:00
(RHSA-2012:0358) Important: kernel security and bug fix update
2012-03-06 00:00:00
(RHSA-2011:1479) Important: kernel security, bug fix, and enhancement update
2011-11-29 00:00:00
centos
centos
xen security update
2011-05-11 10:24:15
kernel security update
2011-11-30 10:33:41
kernel security update
2011-05-31 23:49:24
fedora
fedora
[SECURITY] Fedora 14 Update: xen-4.0.2-1.fc14
2011-06-29 21:59:29
[SECURITY] Fedora 15 Update: xen-4.1.1-1.fc15
2011-06-29 21:54:50
[SECURITY] Fedora 15 Update: xen-4.1.1-3.fc15
2011-08-31 01:26:27
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:56:38
Privilege Escalation
2020-04-10 01:06:37
Denial Of Service (DoS)
2020-04-10 00:56:14
prion
prion
Design/Logic Flaw
2011-08-19 20:55:00
Code injection
2014-01-07 19:55:00
Design/Logic Flaw
2011-08-12 18:55:00
ubuntucve
ubuntucve
CVE-2011-3262
2011-08-19 00:00:00
CVE-2011-1898
2011-08-12 00:00:00
CVE-2011-1166
2014-01-07 00:00:00
debiancve
debiancve
CVE-2011-3262
2011-08-19 20:55:00
CVE-2011-1166
2014-01-07 19:55:00
CVE-2011-1898
2011-08-12 18:55:00
cve
cve
CVE-2011-3262
2011-08-19 20:55:00
CVE-2011-1166
2014-01-07 19:55:00
CVE-2011-1898
2011-08-12 18:55:00
suse
suse
Security update for Xen (important)
2011-08-24 21:08:22
xen: Fixed a security bug and various other bugs (important)
2011-08-24 21:08:18
Security update for Xen (important)
2011-08-19 18:08:18
altlinux
altlinux
Security fix for the ALT Linux 6 package xen version 4.1.1-alt1
2011-06-15 00:00:00
Security fix for the ALT Linux 6 package xen version 4.1.0-alt2
2011-05-10 00:00:00
vmware
vmware
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
VMware ESXi and ESX updates to third party library and ESX Service Console
2012-01-30 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2013-09-27 00:00:00

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

JSON
Related for OSV:DSA-2337-1
securityvulns1openvas45nessus36debian1oraclelinux7redhat5centos3fedora8veracode4prion4ubuntucve4debiancve4cve4suse4altlinux2vmware2gentoo1