Xenserver Security Vulnerabilities and Issues — Xenserver CVE List

Lucene search

CitrixXenserver

10 matches found

CVE•added 2019/07/11 8:15 p.m.•105 views

CVE-2014-3798

The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.

6.5CVSS6.3AI score0.04615EPSS

CVE•added 2016/01/22 3:59 p.m.•89 views

CVE-2016-1571

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a ...

6.3CVSS6.1AI score0.00297EPSS

CVE•added 2017/01/26 3:59 p.m.•84 views

CVE-2016-10024

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

6CVSS5.7AI score0.00143EPSS

CVE•added 2017/01/23 9:59 p.m.•73 views

CVE-2016-9385

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

6CVSS6.1AI score0.00104EPSS

CVE•added 2016/08/02 4:59 p.m.•60 views

CVE-2016-6259

Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.

6.2CVSS6AI score0.00195EPSS

CVE•added 2017/01/30 4:59 p.m.•57 views

CVE-2017-5572

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.

6.5CVSS6.9AI score0.00428EPSS

CVE•added 2012/11/23 8:55 p.m.•48 views

CVE-2012-3495

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (in...

6.1CVSS6.3AI score0.00081EPSS

CVE•added 2024/06/13 6:15 a.m.•47 views

CVE-2024-5661

An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.

6CVSS5.9AI score0.00069EPSS

CVE•added 2014/07/22 8:55 p.m.•43 views

CVE-2014-4948

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).

6.4CVSS6.5AI score0.00545EPSS

CVE•added 2012/11/23 8:55 p.m.•41 views

CVE-2012-3516

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hyperv...

6.9CVSS6.8AI score0.00081EPSS