Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xenserver
(Citrix)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 49 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-21 | CVE-2018-3665 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | Ubuntu_linux, Xenserver, Debian_linux, Freebsd, Core_i3, Core_i5, Core_i7, Core_m, Core_m3, Core_m5, Core_m7, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_workstation | 5.6 | ||
| 2017-01-23 | CVE-2016-9381 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | Xenserver, Qemu | 7.5 | ||
| 2015-06-03 | CVE-2015-4106 | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | Ubuntu_linux, Xenserver, Debian_linux, Fedora, Qemu, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
| 2020-01-23 | CVE-2012-4606 | Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | Xenserver | N/A | ||
| 2017-01-30 | CVE-2017-5573 | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. | Xenserver | 4.9 | ||
| 2017-01-30 | CVE-2017-5572 | An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | Xenserver | 6.5 | ||
| 2017-08-24 | CVE-2017-12137 | arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | Xenserver, Debian_linux, Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12135 | Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | Xenserver, Debian_linux, Xen | 8.8 | ||
| 2017-08-24 | CVE-2017-12134 | The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | Xenserver, Xen | 8.8 | ||
| 2019-07-11 | CVE-2014-3798 | The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | Xenserver | 6.5 |