Vulnerabilities (CVE)

Filtered by vendor Citrix Subscribe
Filtered by product Xenserver
Total 51 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-5661 1 Citrix 2 Hypervisor, Xenserver 2024-10-28 N/A 6.0 MEDIUM
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVE-2012-4606 1 Citrix 1 Xenserver 2024-02-04 4.6 MEDIUM 7.8 HIGH
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
CVE-2014-3798 1 Citrix 1 Xenserver 2024-02-04 6.1 MEDIUM 6.5 MEDIUM
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
CVE-2017-2620 5 Citrix, Debian, Qemu and 2 more 10 Xenserver, Debian Linux, Qemu and 7 more 2024-02-04 9.0 HIGH 9.9 CRITICAL
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
CVE-2018-19962 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-02-04 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
CVE-2018-19961 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-02-04 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-19965 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-02-04 4.7 MEDIUM 5.6 MEDIUM
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
CVE-2016-9603 4 Citrix, Debian, Qemu and 1 more 9 Xenserver, Debian Linux, Qemu and 6 more 2024-02-04 9.0 HIGH 9.9 CRITICAL
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process.
CVE-2018-14007 1 Citrix 1 Xenserver 2024-02-04 10.0 HIGH 9.8 CRITICAL
Citrix XenServer 7.1 and newer allows Directory Traversal.
CVE-2018-8897 8 Apple, Canonical, Citrix and 5 more 11 Mac Os X, Ubuntu Linux, Xenserver and 8 more 2024-02-04 7.2 HIGH 7.8 HIGH
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
CVE-2018-3665 6 Canonical, Citrix, Debian and 3 more 14 Ubuntu Linux, Xenserver, Debian Linux and 11 more 2024-02-04 4.7 MEDIUM 5.6 MEDIUM
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2017-2615 5 Citrix, Debian, Qemu and 2 more 10 Xenserver, Debian Linux, Qemu and 7 more 2024-02-04 9.0 HIGH 9.1 CRITICAL
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
CVE-2018-11053 4 Citrix, Dell, Redhat and 1 more 4 Xenserver, Emc Idrac Service Module, Enterprise Linux and 1 more 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.
CVE-2015-7704 6 Citrix, Debian, Mcafee and 3 more 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVE-2017-12137 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-02-04 7.2 HIGH 8.8 HIGH
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
CVE-2017-12136 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-02-04 6.9 MEDIUM 7.8 HIGH
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
CVE-2015-7705 4 Citrix, Netapp, Ntp and 1 more 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVE-2017-12134 2 Citrix, Xen 2 Xenserver, Xen 2024-02-04 7.2 HIGH 8.8 HIGH
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
CVE-2017-12135 3 Citrix, Debian, Xen 3 Xenserver, Debian Linux, Xen 2024-02-04 4.6 MEDIUM 8.8 HIGH
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
CVE-2016-9380 2 Citrix, Xen 2 Xenserver, Xen 2024-02-04 4.6 MEDIUM 7.5 HIGH
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.