23 matches found
CVE-2026-45702
OP-TEE OS contains a type confusion in the SPMC tmem path when processing an FFA_MEM_SHARE request, affecting 4.3.0 through prior to 4.11.0 for systems configured with CFG_CORE_SEL1_SPMC=y and CFG_SECURE_PARTITION=y. This can impact availability (kernel/OP-TEE stability) with no reported confiden...
Mobile Events Manager < 1.4.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Payload used: alert/XSS/ - Put the payload in the TMEM Events Settings Events Event prefix field, then Creat...
CVE-2012-6033
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too...
CVE-2012-6034
The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service memory corrupti...
openSUSE Security Update : XEN (openSUSE-SU-2012:1572-1)
This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...
GLSA-201309-24 : Xen: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201309-24 (Xen: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact: Guest domains could possibly gain privileges, execute arbitrary...
Xen: Multiple vulnerabilities
Background: Xen is a bare-metal hypervisor. Description: Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact: Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain...
SuSE 11.2 Security Update : Xen (SAT Patch Number 7018)
XEN was updated to fix various bugs and security issues : The following security issues have been fixed : - xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25. CVE-2012-4544 - XEN / qemu: guest administrator can access qemu monitor console XSA-19. CVE-2012-4411 - xen: Timer...
XEN: security and bugfix update (important)
This security update of XEN fixes various bugs and security issues. - Upstream patch 26088-xend-xml-filesize-check.patch - bnc787163 - CVE-2012-4544: xen: Domain builder Out-of-memory due to malicious kernel/ramdisk XSA 25 CVE-2012-4544-xsa25.patch - bnc779212 - CVE-2012-4411: XEN / qemu: guest...
CVE-2012-6036
The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute...
CVE-2012-3497
(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other...
CVE-2012-6035
The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was...
CVE-2012-6034
CVE-2012-6034 affects Xen TMEM (Transcendent Memory) in Xen 4.0–4.2. The vulnerable code paths are tmemc_save_get_next_page, tmemc_save_get_next_inv, and the TMEMC_SAVE_GET_POOL_UUID sub-operation, which fail to validate incoming guest output buffer pointers. This can allow a local guest OS user ...
CVE-2012-6031
Technical details about CVE-2012-6031 are not publicly available in the provided Connected documents. The Xen TMEM denial-of-service issue, including affected versions and exact vectors, cannot be confirmed here. Monitor for updates and new disclosures.
CVE-2012-6033
Technical details for CVE-2012-6033 are not provided in the connected documents. The initial description notes a privilege check flaw in Xen TMEM, but no specifics on affected versions, impact, or fixes are available here. Monitor for updates.