Lucene search
K

108 matches found

OSV
OSV
added 2020/07/07 1:15 p.m.1 views

DEBIAN-CVE-2020-15567

An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, Xen would in some circumstances use a series of non-atomic bitfield write...

7.8CVSS8.2AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2020/07/07 1:15 p.m.2 views

DEBIAN-CVE-2020-15563

An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. An inverted conditional in x86 HVM guests' dirty video RAM tracking code allows such guests to make Xen de-reference a pointer guaranteed to point at unmapped space. A malicious or buggy HV...

6.5CVSS7.8AI score0.00413EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/04/23 12:0 a.m.7 views

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to gain increased privileges.

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

7.4CVSS6.9AI score0.01567EPSS
Exploits0References3
OSV
OSV
added 2019/12/11 6:16 p.m.5 views

UBUNTU-CVE-2019-19577

An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. When running on AMD systems with an IOMMU, Xen attempted to dynamically adapt the number ...

7.2CVSS6.8AI score0.00503EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/06/26 12:0 a.m.3 views

The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to execute arbitrary code in the host operating system.

The vulnerability of the Hyper-V hardware virtualization technology in the Windows operating system exists due to insufficient verification of input data on the host server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the host operating system using a...

7.7CVSS6.4AI score0.01441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/06/11 12:0 a.m.1 views

PT-2019-2479 · Microsoft · Windows Hyper-V +1

Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is related to insufficient input validation in the Hyper-V hardware virtualization system of the Windows operating system. This can be exploited by a remote attacker using...

6.8CVSS7.1AI score0.01879EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2019/06/06 12:0 a.m.21 views

The vulnerability of the Hyper-V hardware virtualization system for Windows operating systems allows attackers to disclose sensitive information that should be protected.

The vulnerability of the Hyper-V hardware virtualization technology for Windows operating systems is related to errors in the authentication process in the guest operating system. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

6.8CVSS7.1AI score0.01724EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2018/11/07 12:0 a.m.7 views

The vulnerability of Microsoft Hyper-V hardware virtualization system for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Hyper-V hardware virtualization technology for Windows operating systems exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code on the host operating system through a specially created...

7.6CVSS8.1AI score0.04126EPSS
Exploits0References4
OSV
OSV
added 2018/11/01 12:29 a.m.2 views

ALPINE-CVE-2018-18883

An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service NULL pointer dereference or possibly have unspecified other impact because nested VT-x is not properly restricted...

8.8CVSS7.3AI score0.00437EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/09/14 12:0 a.m.7 views

The vulnerability of Microsoft Hyper-V hardware virtualization system for Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Hyper-V hardware virtualization technology for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host operating system through a specially created...

7.6CVSS8.2AI score0.04309EPSS
Exploits0References4
OSV
OSV
added 2018/07/02 5:29 p.m.5 views

UBUNTU-CVE-2018-12893

An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can crash Xen, leadi...

6.5CVSS6.8AI score0.00414EPSS
Exploits0References3
OSV
OSV
added 2017/10/18 8:29 a.m.2 views

UBUNTU-CVE-2017-15592

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests...

8.8CVSS7.3AI score0.0043EPSS
Exploits0References3
Securelist
Securelist
added 2017/09/19 10:0 a.m.275 views

A Modern Hypervisor as a Basis for a Sandbox

In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment or vice versa, to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes, including an...

9.3CVSS10AI score0.86053EPSS
Exploits2
OSV
OSV
added 2017/02/22 4:59 p.m.3 views

ALPINE-CVE-2016-9377

Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service guest crash by leveraging IDT entry miscalculation...

5.5CVSS6.2AI score0.0039EPSS
Exploits0References1
OSV
OSV
added 2017/01/26 3:59 p.m.1 views

DEBIAN-CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...

5.5CVSS8.4AI score0.00451EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2016/11/07 1:50 p.m.59 views

Microsoft Tears off the Band-Aid with EMET

Microsoft last week extended the end-of-life expiration date to July 2018 on its exploit mitigation add-on, the Enhanced Mitigation Experience Toolkit EMET. But for some time, the once-useful tool has been well on its way out to pasture. While EMET was never meant to be anything more than stopgap...

9.3CVSS0.9AI score0.99945EPSS
Exploits33References4
OSV
OSV
added 2016/09/21 2:25 p.m.1 views

ALPINE-CVE-2016-7094

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update...

4.1CVSS6.5AI score0.00392EPSS
Exploits0References1
CNVD
CNVD
added 2016/01/28 12:0 a.m.5 views

Xen 'paging_invlpg' function denial of service vulnerability

Xen is an open source virtual machine monitor product developed by the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in t...

6.3CVSS8.2AI score0.01277EPSS
Exploits0References1
OSV
OSV
added 2016/01/22 3:59 p.m.2 views

DEBIAN-CVE-2016-1571

The paginginvlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service host crash via a non-canonical guest address in an INVVPID instruction, which triggers a...

6.3CVSS8.2AI score0.01277EPSS
Exploits0References1
CNVD
CNVD
added 2015/06/04 12:0 a.m.3 views

Xen Denial of Service Vulnerability (CNVD-2015-03573)

Xen is an open source virtual machine monitor. Xen versions 3.3.x-4.5.x, fail to properly restrict write access to the host MSI message data field, which can be exploited by local x86 HVM client administrators to cause a denial of service unexpected outage and host crash...

4.9CVSS6.3AI score0.0045EPSS
Exploits0References1
Rows per page
Query Builder