Vulnerabilities > XEN > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-11-23 | CVE-2012-3498 | Improper Input Validation vulnerability in multiple products: PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | 5.6 |
2012-11-23 | CVE-2012-3497 | Improper Input Validation vulnerability in XEN 4.0.0/4.1.0/4.2.0: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id. | 6.9 |
2012-11-23 | CVE-2012-3496 | Configuration vulnerability in multiple products: XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | 4.7 |
2012-11-23 | CVE-2012-3495 | Improper Input Validation vulnerability in multiple products: The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | 6.1 |
2009-05-22 | CVE-2009-1758 | Resource Management Errors vulnerability in XEN: The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." | 5.0 |
2008-11-07 | CVE-2008-4993 | Link Following vulnerability in XEN 3.2.1: qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. | 6.9 |
2008-08-14 | CVE-2008-3687 | Buffer Errors vulnerability in XEN and XEN Flask Module: Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. | 6.8 |
2007-12-17 | CVE-2007-6416 | Permissions, Privileges, and Access Controls vulnerability in XEN 3.1.2: The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations. | 4.6 |
2007-03-20 | CVE-2007-0998 | Permissions, Privileges, and Access Controls vulnerability in XEN Qemu: The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. | 4.3 |