Lucene search
+L

198 matches found

nessus
nessus
added 2019/04/30 12:0 a.m.30 views

openSUSE Security Update : libvirt (openSUSE-2019-1294)

This update for libvirt fixes the following issues : Security issues fixed : - CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent bsc1127458. - CVE-2019-3886: Fixed an...

6.3CVSS6.5AI score0.0151EPSS
Exploits2References8
nessus
nessus
added 2019/04/29 12:0 a.m.21 views

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:1042-1)

This update for libvirt fixes the following issues : Security issues fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent bsc1127458. CVE-2019-3886: Fixed an informati...

6.3CVSS6.5AI score0.0151EPSS
Exploits2References10
nessus
nessus
added 2019/04/16 12:0 a.m.27 views

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2019:0948-1)

This update for libvirt fixes the following issues : Security issue fixed : CVE-2019-3840: Fixed a NULL pointer dereference vulnerability in virJSONValueObjectHasKey function which could have resulted in a remote denial of service via the guest agent bsc1127458. CVE-2019-3886: Fixed an informatio...

6.3CVSS6.5AI score0.0151EPSS
Exploits2References13
github
github
added 2019/02/18 11:34 p.m.27 views

Downloads Resources over HTTP in libxl

Affected versions of libxl insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS3.5AI score0.01752EPSS
Exploits0References3Affected Software1
osv
osv
added 2019/02/18 11:34 p.m.19 views

GHSA-7VRQ-VG6P-32FW Downloads Resources over HTTP in libxl

Affected versions of libxl insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

9.3CVSS8AI score0.01752EPSS
Exploits0References4
nessus
nessus
added 2019/01/03 12:0 a.m.27 views

Fedora 28 : xen (2018-a7862a75f5)

preemption checks bypassed in x86 PV MM handling XSA-264, CVE-2018-12891 1595959 x86: DB exception safety check can be triggered by a guest XSA-265, CVE-2018-12893 1595958 libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266, CVE-2018-12892 1595957 Note that Tenable Network...

9.9CVSS6.9AI score0.02554EPSS
Exploits0References4
osv
osv
added 2018/10/18 12:48 p.m.6 views

SUSE-SU-2018:2081-2 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks XSA-266 bsc1097523. - CVE-2018-12893: Fix DB...

9.9CVSS6.8AI score0.02554EPSS
Exploits0References14
nessus
nessus
added 2018/09/07 12:0 a.m.23 views

SUSE SLES12 Security Update : libvirt (SUSE-SU-2018:2631-1) (Spectre)

This update for libvirt fixes the following issues : This new feature was added : bsc1094325, bsc1094725: libxl: Enable virsh blockresize for XEN guests This security issue was fixed: CVE-2017-5715: Additional fixes for the Spectre patches bsc1079869 The update package also includes non-security...

5.6CVSS7.2AI score0.74041EPSS
Exploits9References9
nessus
nessus
added 2018/07/30 12:0 a.m.34 views

SUSE SLES12 Security Update : xen (SUSE-SU-2018:2081-1)

This update for xen fixes the following issues: Security issues fixed : - CVE-2018-12891: Fix preemption checks bypass in x86 PV MM handling XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl failure to honour readonly flag on HVM emulated SCSI disks XSA-266 bsc1097523. - CVE-2018-12893: Fix DB...

9.9CVSS7.3AI score0.02554EPSS
Exploits0References19
nessus
nessus
added 2018/07/24 12:0 a.m.46 views

Fedora 27 : xen (2018-1a467757ce)

preemption checks bypassed in x86 PV MM handling XSA-264, CVE-2018-12891 x86: DB exception safety check can be triggered by a guest XSA-265, CVE-2018-12893 libxl fails to honour readonly flag on HVM emulated SCSI disks XSA-266, CVE-2018-12892 ---- Speculative register leakage from lazy FPU contex...

9.9CVSS6.9AI score0.02554EPSS
Exploits0References5
osv
osv
added 2018/07/17 2:50 p.m.9 views

SUSE-SU-2018:1981-1 Security update for xen

This update for xen fixes the following issues: Security issues fixed: - CVE-2018-3665: Fix Lazy FP Save/Restore issue XSA-267 bsc1095242. - CVE-2018-12891: Fix possible Denial of Service DoS via certain PV MMU operations that affect the entire host XSA-264 bsc1097521. - CVE-2018-12892: Fix libxl...

9.9CVSS6.3AI score0.02554EPSS
Exploits0References13
nvd
nvd
added 2018/07/02 5:29 p.m.21 views

CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

9.9CVSS9.3AI score0.02554EPSS
Exploits0References6
osv
osv
added 2018/07/02 5:29 p.m.6 views

UBUNTU-CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

9.9CVSS7.1AI score0.02554EPSS
Exploits0References3
prion
prion
added 2018/07/02 5:29 p.m.24 views

Design/Logic Flaw

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

6.5CVSS9.1AI score0.02554EPSS
Exploits0References6Affected Software2
osv
osv
added 2018/07/02 5:29 p.m.33 views

CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

9.9CVSS7.1AI score
Exploits0References6
osv
osv
added 2018/07/02 5:29 p.m.5 views

DEBIAN-CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

9.9CVSS9AI score0.02554EPSS
Exploits0References1
osv
osv
added 2018/07/02 5:29 p.m.5 views

ALPINE-CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

9.9CVSS6.7AI score0.02554EPSS
Exploits0References1
cve
cve
added 2018/07/02 5:0 p.m.92 views

CVE-2018-12892

Concretely, CVE-2018-12892 affects Xen 4.7–4.10.x when using libxl with qemu-xen: libxl fails to pass the readonly flag to QEMU for emulated SCSI disks (disk type sd) due to an erroneous merge conflict resolution. This can allow malicious guest administrators or certain users to write to original...

9.9CVSS6.2AI score0.02554EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2018/07/02 5:0 p.m.31 views

CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

6.4AI score0.02554EPSS
Exploits0References6
debiancve
debiancve
added 2018/07/02 5:0 p.m.40 views

CVE-2018-12892

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...

9.9CVSS1.9AI score0.02554EPSS
Exploits0
Rows per page
Query Builder