CVE-2018-8897
CVE-2018-8897 covers a Linux kernel issue where a mishandled debug exception after MOV SS/POP SS can lead to a local privilege escalation or kernel crash. The vulnerability arises from how the kernel handles stack-switch sequencing and interrupts, potentially enabling privilege escalation in some...
CVE-2018-3665
CVE-2018-3665 affects systems using Intel Core-based CPUs with Lazy FP state restore enabled. A local attacker could exploit speculative execution side channels to read FP/SIMD state from other processes or the kernel. Public details in connected docs show Linux kernel mitigations (disable Lazy F...
CVE-2015-7705
CVE-2015-7705 describes a DoS vulnerability in NTP’s rate-limiting: remote attackers can cause a client to delay/stop querying time sources by sending forged Kiss-of-Death messages. Affected are NTPd 4.x before 4.2.8p4 and 4.3.x before 4.3.77; multiple vendors (e.g., F5 BIG-IP, Debian, Arista/EOS...
CVE-2015-7704
CVE-2015-7704 describes a denial-of-service in ntpd caused by handling of Kiss-of-Death (KoD) messages. The issue arises from KoD processing that could delay or stop querying time sources. Affected software: ntpd in NTP 4.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77. Impact: unauthenticated remot...
CVE-2018-19965
Technical details about CVE-2018-19965 (Xen) are not provided in the connected documents. The initial description lacks vendor/product/version/root-cause/fix specifics. Monitor for updates from Xen advisories.
CVE-2017-2620
CVE-2017-2620 affects QEMU with Cirrus CLGD 54xx VGA emulator prior to 2.8, where cirrus_bitblt_cputovideo can trigger out-of-bounds access while copying VGA data. This could allow a privileged guest user to crash the QEMU process or potentially execute arbitrary host code with QEMU privileges. P...
CVE-2018-19962
CVE-2018-19962 (Xen) affects the Xen hypervisor on AMD x86, where guest OS users can potentially escalate to host privileges due to small IOMMU mappings being unsafely merged into larger ones. The vulnerability is rooted in how IOMMU mappings are combined, enabling a malicious or local attacker i...
CVE-2018-19961
CVE-2018-19961 affects the Xen hypervisor up to 4.11.x on AMD x86, where guest OS users may gain host privileges due to TLB flushes not reliably occurring after IOMMU mapping changes. Public documents confirm Xen as the affected product and describe the root cause and potential privilege escalati...
CVE-2017-12134
The CVE-2017-12134 issue affects Xen when Linux runs in a Xen PV domain on x86 and may cause a denial of service or arbitrary code execution due to incorrect merging of block I/O requests in xen_biovec_phys_mergeable (drivers/xen/biomerge.c). Public advisories (Debian, Fedora, Gentoo, Cloud Found...
CVE-2016-3710
CVE-2016-3710: A bounds-checking flaw in QEMU’s VGA module (VBE read/write via I/O ports) allows a privileged guest to modify banked video memory and execute arbitrary code on the host with QEMU process privileges. Root cause: out-of-bounds read/write in VGA bank access. Impact: potential host c...
CVE-2017-2615
The CVE-2017-2615 issue affects QEMU’s Cirrus CLGD 54xx VGA emulator support. The vulnerability is an out-of-bounds access during VGA data copying via bitblt in backward mode, which could allow a privileged guest user to crash the QEMU process and potentially execute arbitrary host code with QEMU...
CVE-2016-9603
CVE-2016-9603 affects QEMU’s Cirrus CLGD 54xx VGA emulator, specifically the VNC display driver support prior to 2.9. A heap-based buffer overflow can occur when a VNC client updates the display after a guest VGA operation. A privileged guest user could crash the QEMU process or potentially execu...
CVE-2012-0217
CVE-2012-0217 affects the x86-64 kernel sysret path across multiple platforms (Xen 4.1.2 and earlier, XenServer 6.0.2 and earlier, Solaris 11 and earlier, illumos before r13724, FreeBSD before 9.0-RELEASE-p3, NetBSD 6.0 Beta and earlier, Windows Server 2008 R2/R2 SP1/Windows 7 SP1, and others). T...
CVE-2016-3712
The CVE-2016-3712 issue affects QEMU’s VGA emulator (VBE mode) where an integer overflow/out-of-bounds read occurs when editing VGA registers, enabling a privileged guest to crash the QEMU host process (DoS). Multiple connected advisories reference this CVE as part of a set of QEMU/VGA vulnerabil...
CVE-2014-3798
The CVE concerns Citrix XenServer Windows Guest Tools (XenServer Tools) for Windows guests, with vulnerability in the xenvif-facing handling that allows a remote, unauthenticated attacker to crash the guest OS by sending specially crafted Ethernet frames. Affected versions include XenServer 6.2 S...
CVE-2017-12135
CVE-2017-12135 concerns the Xen hypervisor grant-table handling. The connected materials show that the vulnerability involves transitive grants and a path through grant-copy handling. The core issue is in the GNTTABOP_copy path, where the fix for CVE-2017-12135 could cause the caller to receive a...
CVE-2016-9381
CVE-2016-9381 describes a race condition in QEMU when used with Xen, where a local x86 HVM guest administrator could gain privileges by altering data on shared rings (the so‑called “double fetch” issue). The provided documents confirm this vulnerability and list Xen/shared-ring handling as the ro...
CVE-2012-4606
Citrix XenServer is affected by a Local Privilege Escalation vulnerability (CVE-2012-4606) in multiple releases: 4.1, 6.0, 5.6 SP2, 5.6 FP1, 5.6, 5.5, 5.0, and 5.0 Update 3. The flaw enables local users with access to a guest OS to gain elevated privileges on the host. Exploitation details or exa...
CVE-2015-4106
CVE-2015-4106: QEMU does not properly restrict write access to the PCI config space for certain PCI passthrough devices, which the documents describe as enabling local x86 HVM guests to gain privileges, cause host crashes, obtain sensitive information, or have other unspecified impact. The con...
CVE-2017-12137
CVE-2017-12137 affects the Xen hypervisor, with a local privilege escalation via map_grant_ref in arch/x86/mm.c that could let a local PV guest OS user gain host privileges. The linked documents confirm Xen is the vulnerable component and identify the underlying issue as a map_grant_ref-related flaw....
CVE-2016-1571
CVE-2016-1571 affects Xen 3.3.x–4.6.x. When shadow paging or nested virtualization is enabled, a local HVM guest can trigger the hypervisor bug check via a non-canonical guest address in an INVVPID instruction, causing a host crash (DoS). The description does not specify a vendor patch or fixed v...
CVE-2017-12136
CVE-2017-12136 affects Xen 4.6.x–4.9.x. The issue is a race condition in grant table maptrack free list handling, enabling a malicious guest administrator to crash the host or escalate privileges to the host. Public advisories (GLSA 201801-14; SUSE SU-2017:2327-2) document the fix as Xen upgrades...
CVE-2016-10024
CVE-2016-10024 affects the Xen hypervisor: Xen through 4.8.x allows local x86 PV guest OS kernel admins to cause a host hang/crash by modifying the instruction stream asynchronously during certain kernel operations, yielding a Denial of Service. Public advisories from Debian (DSA-3847) and SUSE/S...
CVE-2016-9383
CVE-2016-9383 affects Xen when running on a 64‑bit hypervisor. The issue stems from broken emulation of bit test instructions, allowing a local x86 guest to modify arbitrary host memory and potentially obtain sensitive data, crash the host, or execute code on the host. Connected sources describe ...
CVE-2016-9386
CVE-2016-9386 affects the Xen x86 emulator: it does not properly treat x86 NULL segments as unusable during memory accesses, potentially allowing local HVM guests to escalate privileges via vectors involving unexpected base/limit values. Public advisories in connected docs confirm Xen patches exi...
CVE-2016-9385
CVE-2016-9385 affects Xen 4.4.x–4.7.x. A local x86 PV guest OS administrator can crash the host via the x86 segment base write emulation due to lack of canonical address checks in the emulator. The underlying issue is insufficient address validation during emulation, leading to a Denial of Servic...
CVE-2016-9382
CVE-2016-9382 affects Xen 4.0.x–4.7.x and is caused by mishandling x86 task switches to VM86 mode. Local 32-bit x86 HVM guests can either escalate privileges or cause a guest crash/DoS by leveraging hardware task switching and allowing a new task to start in VM86 mode. Public references describe ...
CVE-2016-6258
CVE-2016-6258 affects Xen 4.7.x and earlier, where PV pagetable code in arch/x86/mm.c allows local 32-bit PV guest OS administrators to gain host OS privileges by abusing pagetable fast-path updates. The issue is documented across multiple advisories and vendor/SUSE patches (e.g., Xen/XSA-182 upd...
CVE-2016-9637
CVE-2016-9637 affects Xen when qemu is used as a device model; the ioport_read/ioport_write paths can mishandle a 32-bit ioport address, enabling a local x86 HVM guest administrator to escalate privileges to the qemu process due to out-of-range ioport access. The issue is tied to out-of-bounds ar...
CVE-2016-9379
The CVE-2016-9379 issue affects the Xen pygrub boot loader emulator: when S-expression output is requested, string quotes and S-expressions in the bootloader config can cause information disclosure (read/delete host files) and potential privilege escalation. The vulnerability is caused by delimit...
CVE-2016-9380
CVE-2016-9380 affects the Xen pygrub boot loader emulator. When nul-delimited output is requested, a local pygrub-using guest OS administrator can read or delete arbitrary files on the host by manipulating the bootloader configuration with NUL bytes. The vulnerability arises from how pygrub outpu...
CVE-2012-5512
CVE-2012-5512 affects Xen 4.1 via an array index error in the HVMOP_set_mem_access handler, enabling local HVM guest admins to crash the host or leak information. The provided documents confirm the vulnerability and impact but do not specify a fixed version or patch in these sources. No exploita...
CVE-2018-14007
CVE-2018-14007 describes a directory traversal in Citrix XenServer 7.1 and newer via an unauthenticated/HTTP endpoint in XAPI. The issue allows an attacker on the management network to read arbitrary files from the dom0 filesystem, potentially gaining full administrator access as described in XSA...
CVE-2015-8555
CVE-2015-8555 affects Xen: Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x and earlier do not initialize the x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, enabling local guest domains to leak sensitive information to other domains via unspecified vectors. ...
CVE-2016-10025
CVE-2016-10025 affects the Xen hypervisor when running on x86 with AMD SVM (VMFUNC emulation) and allows local HVM guests to crash the hypervisor due to a missing NULL pointer check in hvmemul_vmfunc(). Public references in the connected data show Xen versions 4.6.x–4.8.x as vulnerable and descri...
CVE-2016-6259
CVE-2016-6259 affects Xen 4.5.x–4.7.x where SMAP whitelisting is not implemented for 32-bit exception/event delivery. This enables local 32-bit PV guests to trigger a safety check that can crash the hypervisor or VMs (DoS). The root cause is missing Supervisor Mode Access Prevention whitelisting ...
CVE-2012-3494
The CVE-2012-3494 issue affects Xen hypervisor code, specifically the set_debugreg hypercall in include/asm-x86/debugreg.h, impacting Xen 4.0–4.2 and Citrix XenServer 6.0.2 and earlier on x86-64. The vulnerability arises when a guest OS user can write to the reserved bits of the DR7 debug control...
CVE-2012-3498
CVE-2012-3498 affects Xen 4.1/4.2 and Citrix XenServer 6.0.2 and earlier. The vulnerability (PHYSDEVOP_map_pirq index) arises from a missing range check on map->index, enabling a local HVM guest to crash the host and potentially read hypervisor/guest memory. Impact per sources: Denial of Servi...
CVE-2012-3496
Technical details (affected product/version, root cause, impact, exploit info, or fixes) for CVE-2012-3496 are not present in the connected documents. Monitor for updates from sources referencing this CVE.
CVE-2017-5572
CVE-2017-5572 affects Citrix XenServer (Linux Foundation xapi) up to version 7.0. An authenticated read-only administrator can corrupt the host database, as described in multiple sources. CVSS data from NVD indicates network-based access with low complexity and partial integrity/availability impa...
CVE-2016-5302
CVE-2016-5302 affects Citrix XenServer 7.0 before hotfix XS70E003, where deployments upgraded from an earlier release are vulnerable to AD credential abuse on the management network. An unauthenticated attacker with AD credentials for an account not authorized to manage a XenServer host can remot...
CVE-2017-5573
CVE-2017-5573 affects Citrix XenServer (Linux Foundation xapi). An authenticated read-only administrator can cancel tasks of other administrators. The connected documents describe the vulnerability and impact but do not provide root-cause details, affected versions beyond XenServer up to 7.0, exp...
CVE-2024-5661
CVE-2024-5661 affects XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR. The root cause is an improper rate limiting issue in an endpoint, which a malicious administrator of a guest VM can exploit to cause the host to become slow and/or unresponsive (Denial of Service). Impact is a local, privilege-...
CVE-2012-3495
CVE-2012-3495 affects the Xen hypervisor: the physdev_get_free_pirq hypercall does not validate the return value of get_free_pirq, and if that call fails it uses the error code as an array index. This can cause an invalid memory write leading to host crash and, per the description, potential priv...
CVE-2014-4947
CVE-2014-4947 describes a buffer overflow in the HVM graphics console support of Citrix XenServer, affecting XenServer 6.2 Service Pack 1 and earlier. The connected sources corroborate that the issue concerns the HVM graphics console, with the CVE clearly stated as a buffer overflow and with unsp...
CVE-2010-2619
CVE-2010-2619 affects Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel. The issue allows guest users to cause a host denial of service via unspecified vectors that trigger “incorrectly set flags.” Exploitation details are not provided in the conne...
CVE-2012-3516
CVE-2012-3516 affects Xen 4.2 and Citrix XenServer 6.0.2 via the GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall. A crafted grant reference can be used by local guest kernels or administrators to cause a host crash (DoS) and potentially gain privileges by triggering a write to ...
CVE-2014-4948
CVE-2014-4948 affects Citrix XenServer 6.2 Service Pack 1 and earlier. The connected sources corroborate that this entry involves a vulnerability in XenServer that could lead to a denial of service and information disclosure by modifying the guest virtual hard disk (VHD). The Nessus/OpenVAS entri...
CVE-2010-0633
Technical details about CVE-2010-0633 are not publicly disclosed in the provided connected documents. No concrete impact, affected products, or remediation are listed here. Monitor for updates from official advisories.
CVE-2008-3253
CVE-2008-3253 describes a cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces of Citrix XenServer family products (Express, Standard, Enterprise 4.1.0; Dell Edition 4.1.0; HP integrated XenServer 4.1.0). The vulnerability allows remote attackers to inject arbitrary web script o...