Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
There are 188 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2015-3259

Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument.

Published: July 16, 2015; 10:59:01 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-4164

The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.

Published: June 15, 2015; 11:59:13 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-4163

GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.

Published: June 15, 2015; 11:59:12 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-4105

Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.

Published: June 03, 2015; 4:59:08 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-4104

Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.

Published: June 03, 2015; 4:59:07 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2015-4103

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields.

Published: June 03, 2015; 4:59:06 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-3340

Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

Published: April 28, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 2.9 LOW
CVE-2015-2756

QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Published: April 01, 2015; 10:59:08 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-2752

The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm).

Published: April 01, 2015; 10:59:06 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-2751

Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.

Published: April 01, 2015; 10:59:05 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2015-2152

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Published: March 18, 2015; 12:59:02 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2015-2151

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Published: March 12, 2015; 10:59:03 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Published: March 12, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2015-2045

The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.

Published: March 12, 2015; 10:59:01 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-2044

The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.

Published: March 12, 2015; 10:59:00 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-1563

The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.

Published: February 09, 2015; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-0361

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.

Published: January 07, 2015; 2:59:05 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2014-9066

Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.

Published: December 09, 2014; 6:59:09 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM
CVE-2014-9065

common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.

Published: December 09, 2014; 6:59:08 PM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2014-8866

The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of registers while in 64-bit mode.

Published: December 01, 2014; 10:59:08 AM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM