Vulnerabilities (CVE)

Filtered by vendor Xen Subscribe
Filtered by product Xen
Total 466 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4993 1 Xen 1 Xen 2024-11-21 6.9 MEDIUM N/A
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
CVE-2008-3687 1 Xen 2 Xen, Xen Flask Module 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
CVE-2007-6416 1 Xen 1 Xen 2024-11-21 4.6 MEDIUM N/A
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
CVE-2007-5730 3 Debian, Qemu, Xen 3 Debian Linux, Qemu, Xen 2024-11-21 7.2 HIGH N/A
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
CVE-2007-1321 4 Debian, Fedoraproject, Qemu and 1 more 5 Debian Linux, Fedora, Fedora Core and 2 more 2024-11-21 7.2 HIGH N/A
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
CVE-2007-1320 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Fedora Core and 3 more 2024-11-21 7.2 HIGH N/A
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.