864 matches found
Xen Denial of Service Vulnerability (CNVD-2015-03572)
Xen is an open source virtual machine monitor. Xen versions 3.3.x-4.5.x, fail to properly restrict access to the PCI MSI mask bit, which can be exploited by native x86 HVM clients to cause a denial of service unexpected outage and host crash...
UBUNTU-CVE-2015-4104
Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service unexpected interrupt and host crash via unspecified vectors...
DEBIAN-CVE-2015-2752
The XENDOMCTLmemorymapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service host CPU consumption via a crafted request to the device model qemu-dm...
OWASP SSL audit: O-Saft
O-Saft is an easy to use tool to show informations about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations. It’s designed to be used by penetration testers, security auditors or server administrators. The idea is to show the important...
JVN#13313061: TOSHIBA TEC e-Studio series vulnerable to cross-site request forgery
e-Studio provided by TOSHIBA TEC CORPORATION is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in a cross-site request forgery. Impact If the administrator views a malicious page while logged into the...
UBUNTU-CVE-2013-0231
The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...
kernel: kvm: device assignment DoS
The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...
JVN#92830293: TOSHIBA TEC e-Studio series vulnerable to authentication bypass
e-Studio is a multi-function peripheral MFP. Multiple e-Studio series products contain a vulnerability in web-based management utility, which may result in an authentication bypass. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may...
kernel: kvm: device assignment DoS
The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...
kernel: kvm: device assignment DoS
The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...
Apple Patent Links Power Cord To Password Recovery
The filing, 20120005747A1, describes a method for storing a password recover secret on a peripheral device, including a power adapter. The development would, in essence, turn power cords and other peripherals into a second factor that would make it harder for thieves to gain access to devices the...
virt: VT-d (PCI passthrough) MSI trap injection
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."...
kernel: xen: IOMMU fault livelock
Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCIE device to cause a denial of service CPU consumption and host hang via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock...
VT-d (PCI passthrough) MSI trap injection
ISSUE DESCRIPTION Intel VT-d chipsets without interrupt remapping do not prevent a guest which owns a PCI device from using DMA to generate MSI interrupts by writing to the interrupt injection registers. This can be exploited to inject traps and gain control of the host. VULNERABLE SYSTEMS You ar...
HP MFP Digital Sending Software 4.91.0 Local Authentication Bypass
The remote Windows host contains HP MFP Digital Sending Software version 4.91.0. This version is potentially affected by an authentication bypass vulnerability related to device configuration templates. A local attacker, exploiting this flaw, reportedly can gain unauthorized access to functionali...
CVE-2011-0279
HP Multifunction Peripheral MFP Digital Sending Software DSS 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication...
Authentication flaw
HP Multifunction Peripheral MFP Digital Sending Software DSS 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication...
CVE-2011-0279
HP Multifunction Peripheral MFP Digital Sending Software DSS 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication...
HP MFP Digital Sending Software Detection
The remote Windows host contains HP MFP Digital Sending Software, an application that enables an HP Multifunction Peripheral MFP to send scanned documents directly to several types of destinations. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid46675;...
CVE-2010-1558
Unspecified vulnerability in HP Multifunction Peripheral MFP Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors...