Citrix Xenserver
38 CVEs affecting Citrix Xenserver. Latest disclosed: 2024-06-13. Critical: 2, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-7705 | Critical | 9.8 | 2017-08-07 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted re… |
CVE-2016-5302 | Critical | 9.8 | 2016-06-13 | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management networ… |
CVE-2017-12137 | High | 8.8 | 2017-08-24 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. |
CVE-2017-12135 | High | 8.8 | 2017-08-24 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transiti… |
CVE-2017-12134 | High | 8.8 | 2017-08-24 | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently… |
CVE-2016-9383 | High | 8.8 | 2017-01-23 | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a den… |
CVE-2016-6258 | High | 8.8 | 2016-08-02 | The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-pa… |
CVE-2016-3710 | High | 8.8 | 2016-05-11 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary co… |
CVE-2015-8555 | High | 8.6 | 2016-04-13 | Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register… |
CVE-2016-9379 | High | 7.9 | 2017-01-23 | The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbit… |
CVE-2017-12136 | High | 7.8 | 2017-08-24 | Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and h… |
CVE-2016-9386 | High | 7.8 | 2017-01-23 | The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges… |
CVE-2016-9382 | High | 7.8 | 2017-01-23 | Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of serv… |
CVE-2015-7704 | High | 7.5 | 2017-08-07 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. |
CVE-2016-9637 | High | 7.5 | 2017-02-17 | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to… |
CVE-2016-9381 | High | 7.5 | 2017-01-23 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vu… |
CVE-2016-9380 | High | 7.5 | 2017-01-23 | The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbi… |
CVE-2017-5572 | Medium | 6.5 | 2017-01-30 | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. |
CVE-2016-1571 | Medium | 6.3 | 2016-01-22 | The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows lo… |
CVE-2016-6259 | Medium | 6.2 | 2016-08-02 | Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bi… |