CVE-2016-1571

MEDIUM Year: 2016
CVSS v3 Score
6.3
Medium
CVSS v2 Score
4.7
Medium
Weakness Type
CWE-17
View all →

Vulnerability Description

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.

Related Vulnerabilities

CVE-2016-3721

MEDIUM
CVSS:6.5(Medium)

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.

CWE-172016

CVE-2015-7441

MEDIUM
CVSS:6.8(Medium)

Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 t...

CWE-172015

CVE-2015-7793

MEDIUM
CVSS:5.8(Medium)

Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.

CWE-172015

CVE-2014-9426

HIGH
CVSS:7.3(High)

The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attacker...

CWE-172014

CVE-2015-4941

MEDIUM
CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS handshakes, which allows remote attackers to cause a denial of service (MQXR service crash) via unspecified vectors.

CWE-172015

CVE-2015-4943

MEDIUM
CVSS:5.3(Medium)

IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-201...

CWE-172015