|
265471
|
6.5 |
MEDIUM
Network
|
xen
|
xen
|
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
|
NVD-CWE-noinfo
|
CVE-2017-10919
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265472
|
10.0 |
CRITICAL
Network
|
xen
|
xen
|
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
|
CWE-20
Improper Input Validation
|
CVE-2017-10918
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265473
|
9.1 |
CRITICAL
Network
|
xen
|
xen
|
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-10917
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265474
|
7.5 |
HIGH
Network
|
xen
|
xen
|
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS user…
|
CWE-200
Information Exposure
|
CVE-2017-10916
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265475
|
9.0 |
CRITICAL
Network
|
xen
|
xen
|
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
|
CWE-362
Race Condition
|
CVE-2017-10915
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265476
|
8.1 |
HIGH
Network
|
xen
|
xen
|
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive…
|
CWE-362
CWE-415
Race Condition
Double Free
|
CVE-2017-10914
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265477
|
9.8 |
CRITICAL
Network
|
xen
|
xen
|
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain priv…
|
NVD-CWE-noinfo
|
CVE-2017-10913
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265478
|
10.0 |
CRITICAL
Network
|
xen
|
xen
|
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
|
NVD-CWE-noinfo
|
CVE-2017-10912
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265479
|
6.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memor…
|
CWE-200
Information Exposure
|
CVE-2017-10911
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265480
|
7.5 |
HIGH
Network
|
linux
debian
|
linux_kernel
debian_linux
|
Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) b…
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2017-10810
|
2024-11-21 12:06 |
2017-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
