Attacker Value
Unknown

CVE-2017-10912

Disclosure Date: July 05, 2017 (last updated November 26, 2024)
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
0
Attacker Value
Unknown

CVE-2017-10914

Disclosure Date: July 05, 2017 (last updated November 26, 2024)
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
0
Attacker Value
Unknown

CVE-2017-8905

Disclosure Date: May 11, 2017 (last updated November 26, 2024)
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
0
Attacker Value
Unknown

CVE-2017-8903

Disclosure Date: May 11, 2017 (last updated November 26, 2024)
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
0
Attacker Value
Unknown

CVE-2017-8904

Disclosure Date: May 11, 2017 (last updated November 26, 2024)
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
0
Attacker Value
Unknown

CVE-2017-7995

Disclosure Date: May 03, 2017 (last updated November 26, 2024)
Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.
0
Attacker Value
Unknown

CVE-2017-7228

Disclosure Date: April 04, 2017 (last updated November 26, 2024)
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.
0
Attacker Value
Unknown

CVE-2017-7310

Disclosure Date: March 29, 2017 (last updated November 26, 2024)
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
0
Attacker Value
Unknown

CVE-2017-6416

Disclosure Date: March 06, 2017 (last updated November 26, 2024)
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
0
Attacker Value
Unknown

CVE-2016-9816

Disclosure Date: February 27, 2017 (last updated November 26, 2024)
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
0