Citrix

Xenserver

50 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.2

CVE-2016-6259

  • EPSS 0.2%
  • Published 02.08.2016 16:59:09
  • Last modified 12.04.2025 10:46:40

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering ...

8.8

CVE-2016-6258

  • EPSS 0.11%
  • Published 02.08.2016 16:59:08
  • Last modified 12.04.2025 10:46:40

The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

9.8

CVE-2016-5302

  • EPSS 1.18%
  • Published 13.06.2016 14:59:10
  • Last modified 12.04.2025 10:46:40

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

5.5

CVE-2016-3712

  • EPSS 0.12%
  • Published 11.05.2016 21:59:02
  • Last modified 12.04.2025 10:46:40

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

8.8

CVE-2016-3710

  • EPSS 0.09%
  • Published 11.05.2016 21:59:01
  • Last modified 12.04.2025 10:46:40

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Port...

8.6

CVE-2015-8555

  • EPSS 0.55%
  • Published 13.04.2016 15:59:08
  • Last modified 12.04.2025 10:46:40

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains ...

6.3

CVE-2016-1571

  • EPSS 0.3%
  • Published 22.01.2016 15:59:06
  • Last modified 12.04.2025 10:46:40

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest add...

4.6

CVE-2015-4106

  • EPSS 0.09%
  • Published 03.06.2015 20:59:09
  • Last modified 12.04.2025 10:46:40

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly ha...

6.4

CVE-2014-4948

  • EPSS 0.55%
  • Published 22.07.2014 20:55:02
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).

10

CVE-2014-4947

  • EPSS 0.8%
  • Published 22.07.2014 20:55:02
  • Last modified 12.04.2025 10:46:40

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.