Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10527
HistoryApr 01, 2015 - 12:00 a.m.

KLA10527 Multiple vulnerabilities in different versions of Xen

2015-04-0100:00:00
Kaspersky Lab
threats.kaspersky.com
23

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

9.1 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON

Multiple serious vulnerabilities have been found in Xen. Malicious users can exploit these vulnerabilities to cause denial of service or bypass security restrictions.

Below is a complete list of vulnerabilities

  1. Unknown vulnerability can be exploited remotely via a logger or domctl manipulations;
  2. Lack of restrctions can be exploited locally via a systrem variables or VNC manipulations;
  3. Improper access restrictions can be exploited remotely via PCI device manipulations.

Original advisories

Related products

Xen-Server

CVE list

CVE-2015-2752 warning

CVE-2015-2751 high

CVE-2015-1563 warning

CVE-2015-2756 warning

CVE-2015-2152 warning

Solution

Update to the latest version

Get Xen

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Xen 4.5 all versions and earlier

Related

nessus 35
openvas 35
fedora 15
suse 7
cve 5
prion 5
xen 5
nvd 5
cvelist 5
ubuntucve 5
debiancve 5
freebsd 5
gentoo 1
ubuntu 1
securityvulns 2
debian 2
osv 2
mageia 1
nessus
nessus
Fedora 20 : xen-4.3.4-2.fc20 (2015-5402)
2015-04-13 00:00:00
Fedora 21 : xen-4.4.2-2.fc21 (2015-5208)
2015-04-13 00:00:00
Fedora 22 : xen-4.5.0-7.fc22 (2015-5295)
2015-04-22 00:00:00
openvas
openvas
Fedora Update for xen FEDORA-2015-5295
2015-07-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0701-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for xen (openSUSE-SU-2015:0732-1)
2015-04-21 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: xen-4.5.0-7.fc22
2015-04-21 18:51:14
[SECURITY] Fedora 21 Update: xen-4.4.2-2.fc21
2015-04-11 09:04:58
[SECURITY] Fedora 21 Update: xen-4.4.2-3.fc21
2015-05-02 18:04:27
suse
suse
Security update for xen (important)
2015-04-20 16:04:56
Security update for xen (important)
2015-05-21 09:04:52
Security update for xen (important)
2015-06-22 12:04:52
cve
cve
CVE-2015-2152
2015-03-18 16:59:02
CVE-2015-2751
2015-04-01 14:59:05
CVE-2015-1563
2015-02-09 11:59:08
prion
prion
Default credentials
2015-03-18 16:59:00
Design/Logic Flaw
2015-04-01 14:59:00
Cross site request forgery (csrf)
2015-04-01 14:59:00
xen
xen
HVM qemu unexpectedly enabling emulated VGA graphics backends
2015-03-12 12:00:00
Certain domctl operations may be abused to lock up the host
2015-03-31 12:00:00
Long latency MMIO mapping operations are not preemptible
2015-03-31 12:00:00
nvd
nvd
CVE-2015-2152
2015-03-18 16:59:02
CVE-2015-2751
2015-04-01 14:59:05
CVE-2015-1563
2015-02-09 11:59:08
cvelist
cvelist
CVE-2015-2152
2015-03-18 16:00:00
CVE-2015-2751
2015-04-01 14:00:00
CVE-2015-2752
2015-04-01 14:00:00
ubuntucve
ubuntucve
CVE-2015-2751
2015-04-01 00:00:00
CVE-2015-2152
2015-03-18 00:00:00
CVE-2015-2752
2015-04-01 00:00:00
debiancve
debiancve
CVE-2015-2152
2015-03-18 16:59:02
CVE-2015-2751
2015-04-01 14:59:05
CVE-2015-2752
2015-04-01 14:59:06
freebsd
freebsd
xen-tools -- HVM qemu unexpectedly enabling emulated VGA graphics backends
2015-03-13 00:00:00
xen-kernel -- Certain domctl operations may be abused to lock up the host
2015-03-31 00:00:00
xen-kernel and xen-tools -- Long latency MMIO mapping operations are not preemptible
2015-03-31 00:00:00
gentoo
gentoo
Xen: Multiple vulnerabilities
2015-04-11 00:00:00
ubuntu
ubuntu
QEMU vulnerabilities
2015-05-13 00:00:00
securityvulns
securityvulns
[USN-2608-1] QEMU vulnerabilities
2015-05-17 00:00:00
libvirt / qemu security vulnerabilities
2015-05-17 00:00:00
debian
debian
[SECURITY] [DSA 3259-1] qemu security update
2015-05-13 16:07:57
[SECURITY] [DLA 479-1] xen security update
2016-05-17 23:13:35
osv
osv
qemu - security update
2015-05-13 00:00:00
xen - security update
2016-05-17 00:00:00
mageia
mageia
Updated xen packages fix security vulnerabilities
2016-03-07 14:20:30

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

9.1 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

85.7%

JSON
Related for KLA10527
nessus35openvas35fedora15suse7cve5prion5xen5nvd5cvelist5ubuntucve5debiancve5freebsd5gentoo1ubuntu1securityvulns2debian2osv2mageia1