Filtered by vendor Xen
Filtered by product Xen
Total: 466 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2150 | 3 Linux, Ubuntu, Xen | 3 Linux Kernel, Ubuntu, Xen | 2024-08-06 | N/A |
Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | ||||
CVE-2015-2044 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x do not properly initialize data, which allows local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. | ||||
CVE-2015-2045 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-08-06 | N/A |
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | ||||
CVE-2015-1563 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-08-06 | N/A |
The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number of messages to be logged. | ||||
CVE-2015-0777 | 2 Linux, Xen | 2 Linux Kernel, Xen | 2024-08-06 | N/A |
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. | ||||
CVE-2015-0361 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-08-06 | N/A |
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. | ||||
CVE-2015-0268 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register. | ||||
CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-08-06 | N/A |
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | ||||
CVE-2016-10013 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation. | ||||
CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-08-06 | N/A |
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | ||||
CVE-2016-9932 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix. | ||||
CVE-2016-9816 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2. | ||||
CVE-2016-9815 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort. | ||||
CVE-2016-9817 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | ||||
CVE-2016-9818 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP. | ||||
CVE-2016-9383 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-08-06 | N/A |
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. | ||||
CVE-2016-9384 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table. | ||||
CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-08-06 | N/A |
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | ||||
CVE-2016-9386 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-08-06 | N/A |
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | ||||
CVE-2016-9378 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery. |