|
256321
|
10.0 |
CRITICAL
Network
|
xen
|
xen
|
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
|
CWE-20
Improper Input Validation
|
CVE-2017-10918
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256322
|
9.1 |
CRITICAL
Network
|
xen
|
xen
|
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-10917
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256323
|
7.5 |
HIGH
Network
|
xen
|
xen
|
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS user…
|
CWE-200
Information Exposure
|
CVE-2017-10916
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256324
|
9.0 |
CRITICAL
Network
|
xen
|
xen
|
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
|
CWE-362
Race Condition
|
CVE-2017-10915
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256325
|
8.1 |
HIGH
Network
|
xen
|
xen
|
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive…
|
CWE-362
CWE-415
Race Condition
Double Free
|
CVE-2017-10914
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256326
|
9.8 |
CRITICAL
Network
|
xen
|
xen
|
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain priv…
|
NVD-CWE-noinfo
|
CVE-2017-10913
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256327
|
10.0 |
CRITICAL
Network
|
xen
|
xen
|
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
|
NVD-CWE-noinfo
|
CVE-2017-10912
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256328
|
6.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memor…
|
CWE-200
Information Exposure
|
CVE-2017-10911
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256329
|
7.5 |
HIGH
Network
|
linux
debian
|
linux_kernel
debian_linux
|
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) b…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-10810
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256330
|
8.8 |
HIGH
Network
|
odoo
|
odoo
|
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OA…
|
CWE-863
Incorrect Authorization
|
CVE-2017-10805
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
