Xensource Inc
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4993 | 0.03 | — | 0.01 | Sep 27, 2007 | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. | |||
| CVE-2008-1619 | 0.00 | — | 0.01 | Apr 2, 2008 | The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | |||
| CVE-2007-6207 | 0.00 | — | 0.00 | Dec 4, 2007 | Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | |||
| CVE-2007-5907 | 0.00 | — | 0.00 | Nov 9, 2007 | Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | |||
| CVE-2007-5906 | 0.00 | — | 0.00 | Nov 9, 2007 | Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. | |||
| CVE-2007-3919 | 0.00 | — | 0.00 | Oct 28, 2007 | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. |
- CVE-2007-4993Sep 27, 2007risk 0.03cvss —epss 0.01
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
- CVE-2008-1619Apr 2, 2008risk 0.00cvss —epss 0.01
The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.
- CVE-2007-6207Dec 4, 2007risk 0.00cvss —epss 0.00
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
- CVE-2007-5907Nov 9, 2007risk 0.00cvss —epss 0.00
Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash).
- CVE-2007-5906Nov 9, 2007risk 0.00cvss —epss 0.00
Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.
- CVE-2007-3919Oct 28, 2007risk 0.00cvss —epss 0.00
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.