Vulnerabilities (CVE)

Filtered by vendor Xen Subscribe
Total 469 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3525 1 Xen 1 Xen 2024-11-21 7.2 HIGH N/A
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.
CVE-2009-1758 2 Linux, Xen 2 Linux Kernel, Xen 2024-11-21 5.0 MEDIUM N/A
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
CVE-2008-4993 1 Xen 1 Xen 2024-11-21 6.9 MEDIUM N/A
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.
CVE-2008-3687 1 Xen 2 Xen, Xen Flask Module 2024-11-21 6.8 MEDIUM N/A
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
CVE-2007-6416 1 Xen 1 Xen 2024-11-21 4.6 MEDIUM N/A
The copy_to_user function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations.
CVE-2007-5730 3 Debian, Qemu, Xen 3 Debian Linux, Qemu, Xen 2024-11-21 7.2 HIGH N/A
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the individual net socket listen vulnerability.
CVE-2007-1321 4 Debian, Fedoraproject, Qemu and 1 more 5 Debian Linux, Fedora, Fedora Core and 2 more 2024-11-21 7.2 HIGH N/A
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier was inadvertently used by some sources to cover multiple issues that were labeled "NE2000 network driver and the socket code," but separate identifiers have been created for the individual vulnerabilities since there are sometimes different fixes; see CVE-2007-5729 and CVE-2007-5730.
CVE-2007-1320 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Fedora Core and 3 more 2024-11-21 7.2 HIGH N/A
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.
CVE-2007-0998 2 Redhat, Xen 3 Enterprise Linux, Fedora Core, Qemu 2024-11-21 4.3 MEDIUM N/A
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.