CVE-2012-4411 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.6 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:S/C:C/I:N/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Vendor	Product	Version
xen	xen	4.0.0
xen	xen	4.1.0
xen	xen	4.2.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xen

bullseye	4.14.6-1 fixed
squeeze	not-affected
bullseye (security)	4.14.5+94-ge49571868d-1 fixed
bookworm	4.17.3+10-g091466ba55-1~deb12u1 fixed
sid	4.17.3+36-g54dacb5c02-1 fixed
trixie	4.17.3+36-g54dacb5c02-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

xen

quantal	not-affected
precise	Fixed 4.1.2-2ubuntu2.4 released
oneiric	Fixed 4.1.1-2ubuntu4.4 released
natty	dne
lucid	dne
hardy	dne

xen-3.1

quantal	dne
precise	dne
oneiric	dne
natty	dne
lucid	dne
hardy	ignored

xen-3.2

quantal	dne
precise	dne
oneiric	dne
natty	dne
lucid	dne
hardy	not-affected

xen-3.3

quantal	dne
precise	dne
oneiric	dne
natty	ignored
lucid	not-affected
hardy	dne

xen-qemu-dm-4.0

quantal	dne
precise	dne
oneiric	dne
natty	ignored
lucid	dne
hardy	dne

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html

http://secunia.com/advisories/50493

http://secunia.com/advisories/51324

http://secunia.com/advisories/51352

http://secunia.com/advisories/51413

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://www.debian.org/security/2012/dsa-2543

http://www.openwall.com/lists/oss-security/2012/09/06/2

http://www.openwall.com/lists/oss-security/2012/09/06/7

http://www.openwall.com/lists/oss-security/2012/09/07/5

http://www.securityfocus.com/bid/55442

https://security.gentoo.org/glsa/201604-03

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html

http://secunia.com/advisories/50493

http://secunia.com/advisories/51324

http://secunia.com/advisories/51352

http://secunia.com/advisories/51413

http://secunia.com/advisories/55082

http://security.gentoo.org/glsa/glsa-201309-24.xml

http://www.debian.org/security/2012/dsa-2543

http://www.openwall.com/lists/oss-security/2012/09/06/2

http://www.openwall.com/lists/oss-security/2012/09/06/7

http://www.openwall.com/lists/oss-security/2012/09/07/5

http://www.securityfocus.com/bid/55442

https://security.gentoo.org/glsa/201604-03