Lucene search
+L

9 matches found

Xen Project
Xen Project
added 2015/04/20 5:10 p.m.67 views

Information leak through XEN_DOMCTL_gettscinfo

ISSUE DESCRIPTION The handler for XENDOMCTLgettscinfo failed to initialize a padding field subsequently copied to guest memory. A similar bug existed in XENSYSCTLgetdomaininfolist, which is addressed by the patches provided here even though that operation was declared by XSA-77 not to provide...

2.9CVSS9AI score0.00793EPSS
Exploits0Affected Software1
NVD
NVD
added 2013/09/12 6:37 p.m.23 views

CVE-2013-4329

The xenlight library libxl in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction...

6.5CVSS6.5AI score0.00531EPSS
Exploits0References5
NVD
NVD
added 2013/08/28 9:55 p.m.25 views

CVE-2013-2211

The libxenlight libxl toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors...

7.4CVSS6.1AI score0.00562EPSS
Exploits0References6
NVD
NVD
added 2013/08/28 9:55 p.m.29 views

CVE-2013-2072

Buffer overflow in the Python bindings for the xcvcpusetaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service memory corruption and xend toolstack crash and possibly gain privileges via a crafted cpumap...

7.4CVSS6.7AI score0.01058EPSS
Exploits0References7
NVD
NVD
added 2013/08/28 9:55 p.m.26 views

CVE-2013-2077

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service unhandled exception and hypervisor crash via unspecified vectors...

5.2CVSS6AI score0.00531EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2013/08/28 9:55 p.m.30 views

CVE-2013-2211

The libxenlight libxl toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors...

7.4CVSS5.9AI score0.00562EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2013/08/28 9:55 p.m.34 views

CVE-2013-2072

Buffer overflow in the Python bindings for the xcvcpusetaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service memory corruption and xend toolstack crash and possibly gain privileges via a crafted cpumap...

7.4CVSS5.9AI score0.01058EPSS
Exploits0References2
CVE
CVE
added 2013/08/28 5:0 p.m.82 views

CVE-2013-2072

CVE-2013-2072 is a buffer overflow in the Python bindings for xc_vcpu_setaffinity in Xen 4.0.x–4.2.x. Local administrators with VCPU affinity configuration permissions could trigger memory corruption, toolstack crashes, and potentially privilege escalation via a crafted cpumap. Connected advisori...

7.4CVSS4.3AI score0.01058EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2013/08/28 5:0 p.m.30 views

CVE-2013-2211

The libxenlight libxl toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors...

3.6AI score0.00562EPSS
Exploits0References6
Rows per page
Query Builder