Product:

Xenserver

(Citrix)
Repositories https://github.com/torvalds/linux
#Vulnerabilities 46
Date ID Summary Products Score Patch
2016-05-11 CVE-2016-3712 Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Ubuntu_linux, Xenserver, Debian_linux, Vm_server, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation N/A
2016-05-11 CVE-2016-3710 The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. Ubuntu_linux, Xenserver, Debian_linux, Helion_openstack, Linux, Vm_server, Qemu, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack, Virtualization N/A
2020-01-23 CVE-2012-4606 Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. Xenserver N/A
2017-01-30 CVE-2017-5573 An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. Xenserver 4.9
2017-01-30 CVE-2017-5572 An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. Xenserver 6.5
2017-08-24 CVE-2017-12137 arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. Xenserver, Debian_linux, Xen 8.8
2017-08-24 CVE-2017-12135 Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. Xenserver, Debian_linux, Xen 8.8
2017-08-24 CVE-2017-12134 The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. Xenserver, Xen 8.8
2019-07-11 CVE-2014-3798 The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. Xenserver 6.5
2018-06-21 CVE-2018-3665 System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Core_i3, Core_i5, Core_i7, Core_m, Core_m3, Core_m5, Core_m7, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_workstation 5.6