Note: This project will be discontinued after December 13, 2021.
Product: Xenserver (Citrix)

Repositories | https://github.com/torvalds/linux |
#Vulnerabilities | 50 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2017-01-23 | CVE-2016-9379 | The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | Xenserver, Xen | 7.9 | ||
2016-08-02 | CVE-2016-6259 | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | Xenserver, Xen | 6.2 | ||
2016-08-02 | CVE-2016-6258 | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | Xenserver, Xen | 8.8 | ||
2016-06-13 | CVE-2016-5302 | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | Xenserver | 9.8 | ||
2016-01-22 | CVE-2016-1571 | The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | Xenserver, Xen | 6.3 | ||
2017-01-26 | CVE-2016-10025 | VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | Xenserver, Xen | 5.5 | ||
2017-01-26 | CVE-2016-10024 | Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | Xenserver, Xen | 6.0 | ||
2016-04-13 | CVE-2015-8555 | Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. | Xenserver, Xen | 8.6 | ||
2014-07-22 | CVE-2014-4948 | Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD). | Xenserver | N/A | ||
2014-07-22 | CVE-2014-4947 | Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. | Xenserver | N/A | ||