Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-3672 |
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. Published: May 25, 2016; 11:59:00 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 2.1 LOW |
CVE-2016-4480 |
The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory. Published: May 18, 2016; 10:59:05 AM -0400 |
V4.0:(not available) V3.0: 8.4 HIGH V2.0: 7.2 HIGH |
CVE-2016-3961 |
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. Published: April 15, 2016; 10:59:14 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2015-8554 |
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." Published: April 14, 2016; 10:59:05 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 6.6 MEDIUM |
CVE-2016-3159 |
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. Published: April 13, 2016; 12:59:19 PM -0400 |
V4.0:(not available) V3.0: 3.8 LOW V2.0: 1.7 LOW |
CVE-2015-8555 |
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. Published: April 13, 2016; 11:59:08 AM -0400 |
V4.0:(not available) V3.0: 8.6 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-2270 |
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings. Published: February 19, 2016; 11:59:00 AM -0500 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2015-8338 |
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. Published: December 17, 2015; 2:59:06 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-5307 |
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c. Published: November 16, 2015; 6:59:05 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2015-7814 |
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. Published: October 30, 2015; 11:59:03 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2015-5166 |
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice. Published: August 12, 2015; 10:59:25 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-5165 |
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. Published: August 12, 2015; 10:59:24 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-5154 |
Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. Published: August 12, 2015; 10:59:23 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2015-2152 |
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. Published: March 18, 2015; 12:59:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 1.9 LOW |
CVE-2007-5730 |
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability. Published: October 30, 2007; 6:46:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |