Citrix

Xenserver

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.2

CVE-2016-6259

  • EPSS 0.2%
  • Veröffentlicht 02.08.2016 16:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering ...

8.8

CVE-2016-6258

  • EPSS 0.11%
  • Veröffentlicht 02.08.2016 16:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

9.8

CVE-2016-5302

  • EPSS 1.18%
  • Veröffentlicht 13.06.2016 14:59:10
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

5.5

CVE-2016-3712

  • EPSS 0.12%
  • Veröffentlicht 11.05.2016 21:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

8.8

CVE-2016-3710

  • EPSS 0.09%
  • Veröffentlicht 11.05.2016 21:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...

8.6

CVE-2015-8555

  • EPSS 0.55%
  • Veröffentlicht 13.04.2016 15:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains ...

6.3

CVE-2016-1571

  • EPSS 0.3%
  • Veröffentlicht 22.01.2016 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest add...

4.6

CVE-2015-4106

  • EPSS 0.09%
  • Veröffentlicht 03.06.2015 20:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha...

6.4

CVE-2014-4948

  • EPSS 0.55%
  • Veröffentlicht 22.07.2014 20:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).

10

CVE-2014-4947

  • EPSS 0.8%
  • Veröffentlicht 22.07.2014 20:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.