Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:x86:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-4537 |
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." Published: November 21, 2012; 6:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-4535 |
Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inappropriate deadline." Published: November 21, 2012; 6:55:02 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 1.9 LOW |
CVE-2012-4544 |
The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk. Published: October 31, 2012; 12:55:05 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-2625 |
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image. Published: October 31, 2012; 12:55:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 2.7 LOW |
CVE-2007-5730 |
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. Published: October 30, 2007; 6:46:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |