Lucene search
K

40 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-8492

Malware in sbrugna...

5CVSS5.5AI score0.01163EPSS
Exploits0References5
Prion
Prion
added 2020/12/15 6:15 p.m.19 views

Information disclosure

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XSRESETWATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...

4.9CVSS5.8AI score0.004EPSS
Exploits0References4Affected Software3
UbuntuCve
UbuntuCve
added 2020/12/15 6:15 p.m.36 views

CVE-2020-29485

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XSRESETWATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...

5.5CVSS6.1AI score0.004EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/08/24 2:0 p.m.21 views

CVE-2017-12136

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service free list corruption and host crash or gain privileges on the host via vectors involving maptrack free list handling...

6.5AI score0.00311EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2017/08/24 2:0 p.m.35 views

CVE-2017-12136

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service free list corruption and host crash or gain privileges on the host via vectors involving maptrack free list handling...

7.8CVSS5.8AI score0.00311EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/08/15 4:29 p.m.30 views

CVE-2017-12855

Xen maintains the GTFread,writing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances, Xen will clear the...

6.5CVSS6.9AI score0.00398EPSS
Exploits0References2
CNVD
CNVD
added 2017/05/17 12:0 a.m.2 views

Xen memory corruption vulnerability (CNVD-2017-06936)

Xen is an open source virtual machine monitor product developed at the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A memory corruption vulnerability...

8.8CVSS7.7AI score0.00421EPSS
Exploits0References1
Prion
Prion
added 2017/01/26 3:59 p.m.30 views

Null pointer dereference

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...

2.1CVSS6.5AI score0.00451EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2017/01/26 3:59 p.m.36 views

CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...

5.5CVSS6.8AI score0.00451EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2017/01/26 3:0 p.m.56 views

CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions aka SVM allows local HVM guest OS users to cause a denial of service hypervisor crash by leveraging a missing NULL pointer check...

5.5CVSS4.3AI score0.00451EPSS
Exploits0
NVD
NVD
added 2016/06/07 2:6 p.m.17 views

CVE-2016-5242

The p2mteardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service NULL pointer dereference and host OS crash by creating concurrent domains and holding references to them, related to VMID exhaustion...

5.6CVSS5.8AI score0.00342EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/06/07 2:0 p.m.29 views

CVE-2016-4962

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service resource consumption or management facility confusion or gain host OS privileges by manipulating information in guest controlled areas of xenstore...

7.1AI score0.00399EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2016/06/02 1:49 p.m.31 views

CVE-2016-4962

The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service resource consumption or management facility confusion or gain host OS privileges by manipulating information in guest controlled areas of xenstore...

6.8CVSS5.2AI score0.00399EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2016/05/18 2:59 p.m.22 views

CVE-2016-4480

The guestwalktables function in arch/x86/mm/guestwalk.c in Xen 4.6.x and earlier does not properly handle the Page Size PS page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory...

8.4CVSS7.2AI score0.00542EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2016/05/18 2:0 p.m.43 views

CVE-2016-4480

The guestwalktables function in arch/x86/mm/guestwalk.c in Xen 4.6.x and earlier does not properly handle the Page Size PS page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory...

8.4CVSS4.8AI score0.00542EPSS
Exploits0
Prion
Prion
added 2016/04/14 2:59 p.m.26 views

Buffer overflow

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

6.6CVSS7AI score0.004EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2016/04/14 2:59 p.m.39 views

CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

7.5CVSS7.2AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/04/14 2:0 p.m.30 views

CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

7.9AI score0.004EPSS
Exploits0References6
CVE
CVE
added 2016/04/14 2:0 p.m.70 views

CVE-2015-8554

CVE-2015-8554 describes a buffer overflow in Xen’s MSI-X handling: in hw/pt-msi.c for Xen 4.6.x and earlier when using the qemu-xen-traditional (qemu-dm) device model. The issue enables local x86 HVM guest administrators, with access to a passed-through MSI-X capable PCI device and MSI-X table en...

7.5CVSS7.8AI score0.004EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2016/04/14 2:0 p.m.36 views

CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional aka qemu-dm device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries,...

7.5CVSS8.1AI score0.004EPSS
Exploits0
Rows per page
Query Builder