Xenserver
CVEs (41)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14007 | Cri | 0.68 | 9.8 | 0.56 | Aug 15, 2018 | Citrix XenServer 7.1 and newer allows Directory Traversal. | ||
| CVE-2015-7705 | Cri | 0.65 | 9.8 | 0.12 | Aug 7, 2017 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | ||
| CVE-2016-5302 | Cri | 0.64 | 9.8 | 0.03 | Jun 13, 2016 | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | ||
| CVE-2017-12137 | Hig | 0.57 | 8.8 | 0.00 | Aug 24, 2017 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | ||
| CVE-2017-12135 | Hig | 0.57 | 8.8 | 0.00 | Aug 24, 2017 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | ||
| CVE-2017-12134 | Hig | 0.57 | 8.8 | 0.01 | Aug 24, 2017 | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block… | ||
| CVE-2016-9383 | Hig | 0.57 | 8.8 | 0.01 | Jan 23, 2017 | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test… | ||
| CVE-2016-6258 | Hig | 0.57 | 8.8 | 0.00 | Aug 2, 2016 | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | ||
| CVE-2016-3710 | Hig | 0.57 | 8.8 | 0.01 | May 11, 2016 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | ||
| CVE-2015-8555 | Hig | 0.56 | 8.6 | 0.02 | Apr 13, 2016 | Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. | ||
| CVE-2017-12136 | Hig | 0.51 | 7.8 | 0.00 | Aug 24, 2017 | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | ||
| CVE-2016-9382 | Hig | 0.51 | 7.8 | 0.00 | Jan 23, 2017 | Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to… | ||
| CVE-2016-9379 | Hig | 0.51 | 7.9 | 0.00 | Jan 23, 2017 | The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | ||
| CVE-2015-7704 | Hig | 0.50 | 7.5 | 0.11 | Aug 7, 2017 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | ||
| CVE-2016-9637 | Hig | 0.49 | 7.5 | 0.00 | Feb 17, 2017 | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | ||
| CVE-2016-9381 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2017 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | ||
| CVE-2016-9380 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2017 | The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | ||
| CVE-2017-5572 | Med | 0.42 | 6.5 | 0.01 | Jan 30, 2017 | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | ||
| CVE-2016-1571 | Med | 0.41 | 6.3 | 0.01 | Jan 22, 2016 | The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID… | ||
| CVE-2016-6259 | Med | 0.40 | 6.2 | 0.01 | Aug 2, 2016 | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. |
- risk 0.68cvss 9.8epss 0.56
Citrix XenServer 7.1 and newer allows Directory Traversal.
- risk 0.65cvss 9.8epss 0.12
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
- risk 0.64cvss 9.8epss 0.03
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
- risk 0.57cvss 8.8epss 0.00
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
- risk 0.57cvss 8.8epss 0.00
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
- risk 0.57cvss 8.8epss 0.01
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block…
- risk 0.57cvss 8.8epss 0.01
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test…
- risk 0.57cvss 8.8epss 0.00
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
- risk 0.57cvss 8.8epss 0.01
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
- risk 0.56cvss 8.6epss 0.02
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
- risk 0.51cvss 7.8epss 0.00
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
- risk 0.51cvss 7.8epss 0.00
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to…
- risk 0.51cvss 7.9epss 0.00
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
- risk 0.50cvss 7.5epss 0.11
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
- risk 0.49cvss 7.5epss 0.00
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
- risk 0.49cvss 7.5epss 0.00
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
- risk 0.49cvss 7.5epss 0.00
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
- risk 0.42cvss 6.5epss 0.01
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
- risk 0.41cvss 6.3epss 0.01
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID…
- risk 0.40cvss 6.2epss 0.01
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
Page 1 of 3