ReportizFlow
Filtered by vendor Citrix
Subscriptions
Filtered by product Xenserver
Subscriptions
Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9383 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
| Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. | ||||
| CVE-2016-9382 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
| Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | ||||
| CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2024-11-21 | 7.5 High |
| Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | ||||
| CVE-2016-9380 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
| The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | ||||
| CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
| The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | ||||
| CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
| VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | ||||
| CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-11-21 | N/A |
| Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | ||||
| CVE-2015-7705 | 4 Citrix, Netapp, Ntp and 1 more | 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more | 2024-11-21 | 9.8 Critical |
| The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | ||||
| CVE-2015-7704 | 6 Citrix, Debian, Mcafee and 3 more | 16 Xenserver, Debian Linux, Enterprise Security Manager and 13 more | 2024-11-21 | 7.5 High |
| The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | ||||
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2024-11-21 | N/A |
| The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | ||||
| CVE-2012-4606 | 1 Citrix | 1 Xenserver | 2024-11-21 | 7.8 High |
| Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | ||||