5619 matches found
No memory limit for dom0less domUs (XSA-383)
The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for them is not set. This allows a domain to allocate memory beyond what an administrator originally configured. Note that Nessus has not tested for this issue...
The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows an attacker to cause a service failure.
The vulnerability of the rhttpproxy service of the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the VMX service on the VMware Cloud Foundation virtualization platform and the VMware ESXi hypervisor allows a perpetrator to escalate their privileges.
The vulnerability of the VMX service on the VMware Cloud Foundation and the VMware ESXi hypervisor platform is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Xen hypervisors relates to the insecure management of privileges, which allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Xen hypervisors is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of Xen hypervisors, related to the use of memory after it is freed, allows attackers to obtain confidential information, increase their privileges, or cause the application to terminate abnormally.
The vulnerability of Xen hypervisors is related to the use of memory after it has been freed. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
The vulnerability of the dom0less Xen hypervisor function, allowing an attacker to trigger a service failure
The vulnerability of the dom0less Xen hypervisor relates to the provision of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Vulnerabilities fixed in Xen
Vulnerabilities have been fixed in Xen Hypervisor. The vulnerabilities allow a malicious party to carry out attacks that potentially lead to the following categories of damage: Denial-of-Service (DoS); obtaining elevated privileges; accessing sensitive data. Xen has published mitigati...
[SECURITY] [DSA 5117-1] xen security update
Debian Security Advisory DSA-5117-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 10, 2022 https://www.debian.org/security/faq -...
The vulnerability of Xen hypervisors, related to deficiencies in access control, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Xen hypervisors is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of Xen hypervisors relates to the execution of a loop with an unreachable exit condition, allowing a malicious actor to cause a service failure.
The vulnerability of Xen hypervisors relates to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to cause a service failure...
The vulnerability of Xen hypervisors, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of Xen hypervisors is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows an attacker to cause service failures...
Citrix Releases Security Updates for Hypervisor
Citrix has released security updates to address a vulnerability in Hypervisor. An attacker could exploit this vulnerability to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX390511 and apply the necessary updates. This product is...
CVE-2022-26357
Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the...
UBUNTU-CVE-2022-26356
Racy interactions between dirty vram tracking and paging log dirty hypercalls. Activation of log dirty mode done by XEN_DMOP_track_dirty_vram (was named HVMOP_track_dirty_vram before Xen 4.9) is racy with ongoing log dirty hypercalls. A suitably timed call to XEN_DMOP_track_dirty_vram can enable log dirty whil...
Citrix Hypervisor Security Update
A security issue has been identified that affects Citrix Hypervisor. This issue may allow privileged code in a guest VM to cause the host to crash or become unresponsive. The issue only affects systems with Intel CPUs where the malicious guest VM has had a physical PCI device assigned to it by th...
[SECURITY] Fedora 36 Update: xen-4.16.0-5.fc36
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
Xen race condition vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that stems...
[SECURITY] Fedora 35 Update: xen-4.15.2-2.fc35
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 34 Update: xen-4.14.4-2.fc34
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
AZL-42715 CVE-2018-25032 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches...