Vulnerabilities > XEN > XEN > 3.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-10-02 | CVE-2014-7155 | Permissions, Privileges, and Access Controls vulnerability in multiple products The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | 5.8 |
2014-04-01 | CVE-2014-1894 | Numeric Errors vulnerability in XEN Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1893. | 5.2 |
2014-04-01 | CVE-2014-1893 | Numeric Errors vulnerability in XEN Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014-1892, and CVE-2014-1894. | 5.2 |
2014-04-01 | CVE-2014-1891 | Numeric Errors vulnerability in XEN Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894. | 5.2 |
2014-01-07 | CVE-2011-1166 | Improper Input Validation vulnerability in XEN Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. | 5.5 |
2013-12-27 | CVE-2011-2519 | Null Pointer Dereference vulnerability in multiple products Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction. | 5.5 |
2013-12-24 | CVE-2013-4554 | Permissions, Privileges, and Access Controls vulnerability in XEN Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a crafted application running in ring 1 or 2. | 5.2 |
2013-10-17 | CVE-2013-4368 | Information Exposure vulnerability in XEN The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register. | 1.9 |
2013-08-23 | CVE-2013-2196 | Remote Privilege Escalation vulnerability in Xen Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "other problems" that are not CVE-2013-2194 or CVE-2013-2195. local xen | 6.9 |
2013-08-23 | CVE-2013-2195 | Numeric Errors vulnerability in XEN The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involving unexpected calculations. | 6.9 |