Xenserver Security Vulnerabilities and Issues — Xenserver CVE List

Lucene search

CitrixXenserver

11 matches found

cve•added 2017/01/23 9:59 p.m.•90 views

CVE-2016-9381

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

7.5CVSS7.2AI score0.00105EPSS

cve•added 2017/01/23 9:59 p.m.•85 views

CVE-2016-9383

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

8.8CVSS7.8AI score0.00135EPSS

cve•added 2017/01/23 9:59 p.m.•85 views

CVE-2016-9386

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

7.8CVSS7.3AI score0.001EPSS

cve•added 2017/01/26 3:59 p.m.•84 views

CVE-2016-10024

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

6CVSS5.7AI score0.00143EPSS

cve•added 2017/01/23 9:59 p.m.•74 views

CVE-2016-9380

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

7.5CVSS7.2AI score0.00093EPSS

cve•added 2017/01/23 9:59 p.m.•74 views

CVE-2016-9382

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

7.8CVSS7.3AI score0.00124EPSS

cve•added 2017/01/23 9:59 p.m.•73 views

CVE-2016-9385

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

6CVSS6.1AI score0.00104EPSS

cve•added 2017/01/23 9:59 p.m.•72 views

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

7.9CVSS7.2AI score0.00101EPSS

cve•added 2017/01/26 3:59 p.m.•57 views

CVE-2016-10025

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.

5.5CVSS5.3AI score0.00121EPSS

cve•added 2017/01/30 4:59 p.m.•57 views

CVE-2017-5572

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.

6.5CVSS6.9AI score0.00428EPSS

cve•added 2017/01/30 4:59 p.m.•52 views

CVE-2017-5573

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.

4.9CVSS6.9AI score0.00392EPSS