38 matches found
EUVD-2013-4240
Malware in sbrugna...
EUVD-2013-4251
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-8104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service host OS panic or hang by...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3502)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3502 advisory. - KEYS: Don't permit requestkey to construct a new keyring David Howells Orabug: 22373449 CVE-2015-7872 - crypto: add missing crypto module aliases...
CVE-2015-0361
CVE-2015-0361 : Use-after-free in Xen 4.2.x/4.3.x/4.4.x allows remote domains to crash the system via a crafted hypercall during HVM guest teardown. The initial description does not provide exploit details beyond this, and no remediation or affected patch version is stated in the provided documen...
CVE-2014-3967
The HVMOPinjectmsi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service NULL pointer dereference and crash via unspecified vectors...
CVE-2014-3968
The HVMOPinjectmsi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service host crash via a large number of crafted requests, which trigger an error messages to be logged...
CVE-2014-3967
The HVMOPinjectmsi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service NULL pointer dereference and crash via unspecified vectors...
CVE-2014-1891
Multiple integer overflows in the 1 FLASKGETBOOL, 2 FLASKSETBOOL, 3 FLASKUSER, and 4 FLASKCONTEXTTOSID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, ...
CVE-2014-1895
Off-by-one error in the flasksecurityavccachestats function in xsm/flask/flaskop.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service host crash or obtain sensitive information from hypervisor memory by leveraging a...
Code injection
The 1 dosend and 2 dorecv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."...
CVE-2014-1891
Multiple integer overflows in the 1 FLASKGETBOOL, 2 FLASKSETBOOL, 3 FLASKUSER, and 4 FLASKCONTEXTTOSID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, ...
Integer overflow
Multiple integer overflows in the 1 FLASKGETBOOL, 2 FLASKSETBOOL, 3 FLASKUSER, and 4 FLASKCONTEXTTOSID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, ...
Buffer overflow
Off-by-one error in the flasksecurityavccachestats function in xsm/flask/flaskop.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service host crash or obtain sensitive information from hypervisor memory by leveraging a...
CVE-2014-1895
Off-by-one error in the flasksecurityavccachestats function in xsm/flask/flaskop.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service host crash or obtain sensitive information from hypervisor memory by leveraging a...
CVE-2014-1891
CVE-2014-1891 affects the Xen hypervisor for multiple 4.x branches and older (3.2.x and earlier) when XSM is enabled. The issue is described as multiple integer overflows in the FLASK_GETBOOL, FLASK_SETBOOL, FLASK_USER, and FLASK_CONTEXT_TO_SID suboperations of the flask hypercall, enabling a loc...
CVE-2014-1891
Multiple integer overflows in the 1 FLASKGETBOOL, 2 FLASKSETBOOL, 3 FLASKUSER, and 4 FLASKCONTEXTTOSID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service processor fault via unspecified vectors, ...
CVE-2014-1642
The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service memory corruption and hypervisor crash and possibly...
Design/Logic Flaw
The dophysdevop function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the 1 PHYSDEVOPpreparemsix and 2 PHYSDEVOPreleasemsix operations, which allows local PV guests to cause a denial of service host or guest malfunction or possibly gain privileges via...
CVE-2014-1666
The dophysdevop function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the 1 PHYSDEVOPpreparemsix and 2 PHYSDEVOPreleasemsix operations, which allows local PV guests to cause a denial of service host or guest malfunction or possibly gain privileges via...