Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:xen:xen:-:*:*:*:*:*:*:*
There are 146 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

Published: January 23, 2017; 4:59:02 PM -0500
V3.0: 7.9 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-7777

Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks on the guest by modifying an instruction while the hypervisor is preparing to emulate it.

Published: October 07, 2016; 10:59:10 AM -0400
V3.0: 6.3 MEDIUM
V2.0: 3.3 LOW
CVE-2016-7094

Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

Published: September 21, 2016; 10:25:25 AM -0400
V3.0: 4.1 MEDIUM
V2.0: 1.5 LOW
CVE-2016-7092

The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.

Published: September 21, 2016; 10:25:22 AM -0400
V3.0: 8.2 HIGH
V2.0: 6.8 MEDIUM
CVE-2014-3672

The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.

Published: May 25, 2016; 11:59:00 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-4480

The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might allow local guest OS users to gain privileges via a crafted mapping of memory.

Published: May 18, 2016; 10:59:05 AM -0400
V3.0: 8.4 HIGH
V2.0: 7.2 HIGH
CVE-2016-3960

Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.

Published: April 19, 2016; 10:59:03 AM -0400
V3.0: 8.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-3961

Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.

Published: April 15, 2016; 10:59:14 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2015-8554

Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."

Published: April 14, 2016; 10:59:05 AM -0400
V3.0: 7.5 HIGH
V2.0: 6.6 MEDIUM
CVE-2015-8550

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

Published: April 14, 2016; 10:59:04 AM -0400
V3.0: 8.2 HIGH
V2.0: 5.7 MEDIUM
CVE-2016-3158

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076.

Published: April 13, 2016; 12:59:18 PM -0400
V3.0: 3.8 LOW
V2.0: 1.7 LOW
CVE-2015-8553

Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.

Published: April 13, 2016; 11:59:07 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-2270

Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.

Published: February 19, 2016; 11:59:00 AM -0500
V3.0: 6.8 MEDIUM
V2.0: 4.6 MEDIUM
CVE-2015-8338

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Published: December 17, 2015; 2:59:06 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-7814

Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain.

Published: October 30, 2015; 11:59:03 AM -0400
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2015-5166

Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.

Published: August 12, 2015; 10:59:25 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-5165

The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.

Published: August 12, 2015; 10:59:24 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-5154

Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

Published: August 12, 2015; 10:59:23 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-2152

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Published: March 18, 2015; 12:59:02 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-9066

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.

Published: December 09, 2014; 6:59:09 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM