7 matches found
CVE-2015-4164
The compatiret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service large loop and system hang via a hypercalliret call with EFLAGS.VM set...
Code injection
The compatiret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service large loop and system hang via a hypercalliret call with EFLAGS.VM set...
Information leak through outs instruction emulation
ISSUE DESCRIPTION The emulation of the outs instruction for 64-bit PV guests uses an uninitialized variable as the segment base for the source data if an FS: or GS: segment override is used, and if the segment descriptor the respective non-null selector in the corresponding selector register poin...
CVE-2007-3919
1 xenbaked and 2 xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm...
CVE-2007-3919
1 xenbaked and 2 xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm...
Code injection
1 xenbaked and 2 xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm...
CVE-2007-3919
1 xenbaked and 2 xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm...