CVE-2015-8338

HIGH Year: 2015
CVSS v2 Score
7.2
High
Weakness Type
CWE-254
View all →

Vulnerability Description

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.

Related Vulnerabilities

CVE-2016-5788

CRITICAL
CVSS:10.0(Critical)

General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via ...

CWE-2542016

CVE-2011-3145

CRITICAL
CVSS:9.8(Critical)

When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of th...

CWE-2542011

CVE-2011-4889

CRITICAL
CVSS:9.8(Critical)

The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does n...

CWE-2542011

CVE-2014-5334

CRITICAL
CVSS:9.8(Critical)

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

CWE-2542014

CVE-2015-6473

CRITICAL
CVSS:9.8(Critical)

WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.

CWE-2542015

CVE-2015-7554

CRITICAL
CVSS:9.8(Critical)

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field dat...

CWE-2542015