Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xen
(Xen)| Repositories |
• https://github.com/torvalds/linux
• https://github.com/bonzini/qemu |
| #Vulnerabilities | 466 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-05-25 | CVE-2014-3672 | The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr. | Libvirt, Xen | 6.5 | ||
| 2017-10-16 | CVE-2015-7504 | Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | Debian_linux, Qemu, Xen | 8.8 | ||
| 2018-07-03 | CVE-2017-2615 | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. | Xenserver, Debian_linux, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation, Openstack, Xen | 9.1 | ||
| 2019-10-08 | CVE-2019-17349 | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | Debian_linux, Xen | 5.5 | ||
| 2019-10-08 | CVE-2019-17350 | An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | Debian_linux, Xen | 5.5 | ||
| 2019-10-08 | CVE-2019-17341 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device. | Debian_linux, Xen | 7.8 | ||
| 2019-10-08 | CVE-2019-17342 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced. | Debian_linux, Xen | 7.0 | ||
| 2019-10-08 | CVE-2019-17346 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. | Debian_linux, Xen | 8.8 | ||
| 2019-10-08 | CVE-2019-17347 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). | Debian_linux, Xen | 7.8 | ||
| 2019-10-08 | CVE-2019-17348 | An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. | Debian_linux, Xen | 6.5 |