VYPR

rpm package

suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP2

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2

Vulnerabilities (143)

  • CVE-2018-8897HigMay 8, 2018
    affected < 4.7.5_02-43.30.1fixed 4.7.5_02-43.30.1

    A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP

  • CVE-2018-10472MedApr 27, 2018
    affected < 4.7.5_02-43.30.1fixed 4.7.5_02-43.30.1

    An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.

  • CVE-2018-10471MedApr 27, 2018
    affected < 4.7.5_02-43.30.1fixed 4.7.5_02-43.30.1

    An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.

  • CVE-2018-7541HigFeb 27, 2018
    affected < 4.7.5_02-43.27.1fixed 4.7.5_02-43.27.1

    An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.

  • CVE-2018-7540MedFeb 27, 2018
    affected < 4.7.5_02-43.27.1fixed 4.7.5_02-43.27.1

    An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.

  • CVE-2018-5683MedJan 23, 2018
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    The vga_draw_text function in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) by leveraging improper memory address validation.

  • CVE-2017-18030MedJan 23, 2018
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    The cirrus_invalidate_region function in hw/display/cirrus_vga.c in Qemu allows local OS guest privileged users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to negative pitch.

  • CVE-2017-5754MedJan 4, 2018
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

  • CVE-2017-5753MedJan 4, 2018
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • CVE-2017-5715MedJan 4, 2018
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • CVE-2017-17566HigDec 12, 2017
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

  • CVE-2017-17565MedDec 12, 2017
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.

  • CVE-2017-17564HigDec 12, 2017
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.

  • CVE-2017-17563HigDec 12, 2017
    affected < 4.7.4_06-43.24.1fixed 4.7.4_06-43.24.1

    An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.

  • CVE-2017-15597CriOct 30, 2017
    affected < 4.7.4_02-43.21.1fixed 4.7.4_02-43.21.1

    An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a g

  • CVE-2017-15595HigOct 18, 2017
    affected < 4.7.3_06-43.15.1fixed 4.7.3_06-43.15.1

    An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.

  • CVE-2017-15594HigOct 18, 2017
    affected < 4.7.3_06-43.15.1fixed 4.7.3_06-43.15.1

    An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.

  • CVE-2017-15593MedOct 18, 2017
    affected < 4.7.3_06-43.15.1fixed 4.7.3_06-43.15.1

    An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.

  • CVE-2017-15592HigOct 18, 2017
    affected < 4.7.3_06-43.15.1fixed 4.7.3_06-43.15.1

    An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

  • CVE-2017-15591MedOct 18, 2017
    affected < 4.7.3_06-43.15.1fixed 4.7.3_06-43.15.1

    An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation.

Page 5 of 8