5619 matches found

Tenable Nessus
added 2022/04/19 12:00 a.m. | 35 views

No memory limit for dom0less domUs (XSA-383)

The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured. Note that Nessus has not tested for this issue...

CVSS 6.8 | AI score 5.2 | EPSS 0.0187
Exploits: 0 | References: 2
BDU FSTEC
added 2022/04/15 12:00 a.m. | 5 views

The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows an attacker to cause a service failure.

The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

CVSS 7.8 | AI score 7.4 | EPSS 0.0228
Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2022/04/15 12:00 a.m. | 5 views

The vulnerability of the VMX service on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a perpetrator to escalate their privileges.

The vulnerability of the VMX service on the VMware Cloud Foundation and the VMware ESXi hypervisor platform is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVSS 7.1 | AI score 7.5 | EPSS 0.00291
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2022/04/14 12:00 a.m. | 5 views

The vulnerability of Xen hypervisors relates to the insecure management of privileges, which allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of Xen hypervisors is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 7.8 | AI score 7.2 | EPSS 0.00263
Exploits: 0 | References: 8 | Affected Software: 4
BDU FSTEC
added 2022/04/14 12:00 a.m. | 6 views

The vulnerability of Xen hypervisors, related to the use of memory after it is freed, allows attackers to obtain confidential information, increase their privileges, or cause the application to terminate abnormally.

The vulnerability of Xen hypervisors is related to the use of memory after it has been freed. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...

CVSS 8 | AI score 7.5 | EPSS 0.00427
Exploits: 0 | References: 5 | Affected Software: 3
BDU FSTEC
added 2022/04/14 12:00 a.m. | 4 views

The vulnerability of the dom0less Xen hypervisor function allows an attacker to trigger a service failure.

The vulnerability of the dom0less Xen hypervisor relates to the provision of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause a service failure...

CVSS 6.8 | AI score 5.6 | EPSS 0.0187
Exploits: 0 | References: 9 | Affected Software: 4
NCSC
added 2022/04/12 12:00 a.m. | 2 views

Vulnerabilities fixed in Xen

Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious party to carry out attacks that potentially lead to the following categories of damage: denial of service (DoS), obtaining elevated privileges, accessing sensitive data. Xen has published mitigati...

CVSS 7.8 | AI score 6.8 | EPSS 0.00344
Exploits: 0
Debian
added 2022/04/10 6:07 p.m. | 36 views

[SECURITY] [DSA 5117-1] xen security update

Debian Security Advisory DSA-5117-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2022 https://www.debian.org/security/faq ...

CVSS 7.8 | AI score 8 | EPSS 0.00352
Exploits: 0
BDU FSTEC
added 2022/04/07 12:00 a.m. | 8 views

The vulnerability of Xen hypervisors, related to deficiencies in access control, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 7.2 | AI score 6.6 | EPSS 0.00381
Exploits: 0 | References: 5 | Affected Software: 3
BDU FSTEC
added 2022/04/07 12:00 a.m. | 7 views

The vulnerability of Xen hypervisors relates to the execution of a loop with an unreachable exit condition (an infinite loop), allowing a malicious actor to cause a service failure.

The vulnerability of Xen hypervisors relates to the execution of a loop with an unreachable exit condition (an infinite loop). Exploiting this vulnerability allows an attacker to cause a service failure...

CVSS 5.5 | AI score 6 | EPSS 0.00348
Exploits: 0 | References: 5 | Affected Software: 3
BDU FSTEC
added 2022/04/07 12:00 a.m. | 6 views

The vulnerability of Xen hypervisors, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of Xen hypervisors is related to uncontrolled consumption of resources. Exploiting this vulnerability allows an attacker to cause service failures...

CVSS 5.5 | AI score 5.8 | EPSS 0.00353
Exploits: 0 | References: 5 | Affected Software: 3
CISA
added 2022/04/06 12:00 a.m. | 14 views

Citrix Releases Security Updates for Hypervisor

Citrix has released security updates to address a vulnerability in Hypervisor. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX390511 and apply the necessary updates. This product is...

AI score 1.9
Exploits: 0 | References: 1
UbuntuCve
added 2022/04/05 1:15 p.m. | 33 views

CVE-2022-26357

Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...

CVSS 7 | AI score 6.7 | EPSS 0.00248
Exploits: 0 | References: 5
OSV
added 2022/04/05 1:15 p.m. | 3 views

UBUNTU-CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls. Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty whil...

CVSS 5.6 | AI score 6.7 | EPSS 0.00232
Exploits: 0 | References: 6
Citrix
added 2022/04/05 10:50 a.m. | 75 views

Citrix Hypervisor Security Update

A security issue has been identified that affects Citrix Hypervisor. This issue may allow privileged code in a guest VM to cause the host to crash or become unresponsive. The issue only affects systems with Intel CPUs where the malicious guest VM has had a physical PCI device assigned to it by th...

CVSS 7 | AI score 4.1 | EPSS 0.00248
Exploits: 0
Fedora
added 2022/04/05 12:17 a.m. | 10 views

[SECURITY] Fedora 36 Update: xen-4.16.0-5.fc36

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

AI score 2.1
Exploits: 0
CNNVD
added 2022/04/05 12:00 a.m. | 6 views

Xen race condition vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that stems...

CVSS 7 | AI score 6.4 | EPSS 0.00248
Exploits: 0 | References: 12
Fedora
added 2022/03/30 1:29 a.m. | 12 views

[SECURITY] Fedora 35 Update: xen-4.15.2-2.fc35

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

AI score 2.1
Exploits: 0
Fedora
added 2022/03/28 1:03 a.m. | 12 views

[SECURITY] Fedora 34 Update: xen-4.14.4-2.fc34

This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...

AI score 2.1
Exploits: 0
OSV
added 2022/03/25 9:15 a.m. | 5 views

AZL-42715 CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...

CVSS 7.5 | AI score 6.7 | EPSS 0.51733
Exploits: 1 | References: 1