Lucene search

K
CitrixXenserver6.5

23 matches found

CVE
CVE
added 2018/05/08 6:29 p.m.439 views

CVE-2018-8897

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated...

7.8CVSS6.8AI score0.21337EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.207 views

CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

9.8CVSS9.4AI score0.25676EPSS
CVE
CVE
added 2017/08/07 8:29 p.m.183 views

CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

7.5CVSS8.2AI score0.57035EPSS
CVE
CVE
added 2018/07/27 7:29 p.m.165 views

CVE-2017-2620

Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially...

9.9CVSS7.9AI score0.02502EPSS
CVE
CVE
added 2017/08/24 2:29 p.m.162 views

CVE-2017-12134

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability ca...

8.8CVSS7.3AI score0.00286EPSS
CVE
CVE
added 2018/07/03 1:29 a.m.135 views

CVE-2017-2615

Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or poten...

9.1CVSS7.7AI score0.01049EPSS
CVE
CVE
added 2018/07/27 9:29 p.m.131 views

CVE-2016-9603

A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw ...

9.9CVSS8AI score0.01523EPSS
CVE
CVE
added 2017/08/24 2:29 p.m.100 views

CVE-2017-12135

Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.

8.8CVSS6.4AI score0.00135EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.90 views

CVE-2016-9381

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

7.5CVSS7.2AI score0.00105EPSS
CVE
CVE
added 2017/08/24 2:29 p.m.89 views

CVE-2017-12137

arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

8.8CVSS6.1AI score0.00099EPSS
CVE
CVE
added 2017/08/24 2:29 p.m.87 views

CVE-2017-12136

Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

7.8CVSS6.4AI score0.00053EPSS
CVE
CVE
added 2015/06/03 8:59 p.m.85 views

CVE-2015-4106

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

4.6CVSS7.6AI score0.00085EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.85 views

CVE-2016-9383

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

8.8CVSS7.8AI score0.00135EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.85 views

CVE-2016-9386

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

7.8CVSS7.3AI score0.001EPSS
CVE
CVE
added 2017/01/26 3:59 p.m.84 views

CVE-2016-10024

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

6CVSS5.7AI score0.00143EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.74 views

CVE-2016-9380

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

7.5CVSS7.2AI score0.00093EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.74 views

CVE-2016-9382

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

7.8CVSS7.3AI score0.00124EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.73 views

CVE-2016-9385

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

6CVSS6.1AI score0.00104EPSS
CVE
CVE
added 2017/01/23 9:59 p.m.72 views

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

7.9CVSS7.2AI score0.00101EPSS
CVE
CVE
added 2017/02/17 2:59 a.m.67 views

CVE-2016-9637

The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

7.5CVSS6.7AI score0.00087EPSS
CVE
CVE
added 2017/01/26 3:59 p.m.57 views

CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.

5.5CVSS5.3AI score0.00121EPSS
CVE
CVE
added 2017/01/30 4:59 p.m.57 views

CVE-2017-5572

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.

6.5CVSS6.9AI score0.00428EPSS
CVE
CVE
added 2017/01/30 4:59 p.m.52 views

CVE-2017-5573

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.

4.9CVSS6.9AI score0.00392EPSS