Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xenserver
(Citrix)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 50 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-05-11 | CVE-2016-3710 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | Ubuntu_linux, Xenserver, Debian_linux, Helion_openstack, Linux, Vm_server, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization | 8.8 | ||
| 2018-06-21 | CVE-2018-3665 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Core_i3, Core_i5, Core_i7, Core_m, Core_m3, Core_m5, Core_m7, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_workstation | 5.6 | ||
| 2017-01-23 | CVE-2016-9381 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | Xenserver, Qemu | 7.5 | ||
| 2015-06-03 | CVE-2015-4106 | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | Ubuntu_linux, Xenserver, Debian_linux, Fedora, Qemu, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2020-01-23 | CVE-2012-4606 | Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | Xenserver | N/A | ||
| 2017-01-30 | CVE-2017-5573 | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. | Xenserver | 4.9 | ||
| 2017-01-30 | CVE-2017-5572 | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | Xenserver | 6.5 | ||
| 2017-08-24 | CVE-2017-12137 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | Xenserver, Debian_linux, Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12135 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | Xenserver, Debian_linux, Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12134 | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | Xenserver, Xen | 8.8 |