Vulnerabilities (CVE)

Filtered by vendor Citrix Subscribe
Filtered by product Xenserver
Total 51 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-9383 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 7.2 HIGH 8.8 HIGH
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.
CVE-2016-9382 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 4.6 MEDIUM 7.8 HIGH
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
CVE-2016-9381 2 Citrix, Qemu 2 Xenserver, Qemu 2024-11-21 6.9 MEDIUM 7.5 HIGH
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVE-2016-9380 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 4.6 MEDIUM 7.5 HIGH
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9379 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 4.6 MEDIUM 7.9 HIGH
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVE-2016-6259 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 4.9 MEDIUM 6.2 MEDIUM
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
CVE-2016-6258 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 7.2 HIGH 8.8 HIGH
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CVE-2016-5302 1 Citrix 1 Xenserver 2024-11-21 7.5 HIGH 9.8 CRITICAL
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
CVE-2016-3712 6 Canonical, Citrix, Debian and 3 more 11 Ubuntu Linux, Xenserver, Debian Linux and 8 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
CVE-2016-3710 7 Canonical, Citrix, Debian and 4 more 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more 2024-11-21 7.2 HIGH 8.8 HIGH
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
CVE-2016-1571 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 4.7 MEDIUM 6.3 MEDIUM
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
CVE-2016-10025 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 2.1 LOW 5.5 MEDIUM
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
CVE-2016-10024 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 4.9 MEDIUM 6.0 MEDIUM
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVE-2015-8555 2 Citrix, Xen 2 Xenserver, Xen 2024-11-21 5.0 MEDIUM 8.6 HIGH
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
CVE-2015-7705 4 Citrix, Netapp, Ntp and 1 more 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVE-2015-7704 6 Citrix, Debian, Mcafee and 3 more 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVE-2015-4106 6 Canonical, Citrix, Debian and 3 more 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more 2024-11-21 4.6 MEDIUM N/A
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
CVE-2014-4948 1 Citrix 1 Xenserver 2024-11-21 6.4 MEDIUM N/A
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
CVE-2014-4947 1 Citrix 1 Xenserver 2024-11-21 10.0 HIGH N/A
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
CVE-2014-3798 1 Citrix 1 Xenserver 2024-11-21 6.1 MEDIUM 6.5 MEDIUM
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.