Skip to main content
CVE-2017-10918 CRITICAL Act Now

Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2017-10912 CRITICAL Act Now

Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.0
10.0
EPSS
1.7%
CVE-2017-10921 CRITICAL PATCH Act Now

The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 3.0
10.0
EPSS
1.1%
CVE-2017-10920 CRITICAL PATCH Act Now

The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Xen
NVD
CVSS 3.0
10.0
EPSS
1.1%
CVE-2017-1253 CRITICAL Act Now

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Security Guardium
NVD
CVSS 3.0
9.9
EPSS
1.4%
CVE-2017-10913 CRITICAL Act Now

The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2017-1175 CRITICAL Act Now

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Maximo Asset Management
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-1269 CRITICAL Act Now

IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi IBM Security Guardium
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2017-10917 CRITICAL Act Now

Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Xen
NVD
CVSS 3.0
9.1
EPSS
0.8%
CVE-2017-10915 CRITICAL Act Now

The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Xen
NVD
CVSS 3.0
9.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy