Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xen vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2017-12135
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
Xen Xen
Citrix Xenserver 7.1
Citrix Xenserver 7.2
Citrix Xenserver 6.0.2
Citrix Xenserver 7.0
Citrix Xenserver 6.2.0
Citrix Xenserver 6.5
Debian Debian Linux 9.0
Debian Debian Linux 8.0
641
VMScore
CVE-2017-12137
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
Xen Xen
Citrix Xenserver 6.0.2
Citrix Xenserver 7.2
Citrix Xenserver 6.2.0
Citrix Xenserver 7.0
Citrix Xenserver 6.5
Citrix Xenserver 7.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
725
VMScore
CVE-2008-4405
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact...
Citrix Xen 3.0.3
1 EDB exploit
641
VMScore
CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (...
Citrix Xen 3.3.0
490
VMScore
CVE-2010-4238
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these d...
Citrix Xen 3.1.2
736
VMScore
CVE-2012-0217
The x86-64 kernel system-call functionality in Xen 4.1.2 and previous versions, as used in Citrix XenServer 6.0.2 and previous versions and other products; Oracle Solaris 11 and previous versions; illumos before r13724; Joyent SmartOS prior to 20120614T184600Z; FreeBSD prior to 9...
Freebsd Freebsd
Illumos Illumos
Joyent Smartos
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.1
Xen Xen
Xen Xen 4.0.0
Xen Xen 4.0.1
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2003
Microsoft Windows Xp
Citrix Xenserver 6.0
Citrix Xenserver
Netbsd Netbsd
Sun Sunos
3 EDB exploits
3 Github repositories
1 Article
445
VMScore
CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and previous versions do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vect...
Citrix Xenserver 6.0
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.6.0
Xen Xen 4.3.4
Xen Xen 4.3.3
Xen Xen 4.4.1
Xen Xen 4.4.0
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.3.0
Xen Xen 4.4.4
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.6.1
187
VMScore
CVE-2017-12855
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances...
Xen Xen 4.8.0
Xen Xen 4.7.0
Xen Xen 4.5.3
Xen Xen 4.5.5
Xen Xen 4.7.2
Xen Xen 4.7.3
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.7.1
Xen Xen 4.6.6
Xen Xen 4.6.3
Xen Xen 4.6.4
Xen Xen 4.5.0
Xen Xen 4.9.0
Xen Xen 4.8.1
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.6.5
436
VMScore
CVE-2017-14318
An issue exists in Xen 4.5.x up to and including 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the page that is to be operated on. If it is not, the owner's grant table i...
Xen Xen 4.5.0
Xen Xen 4.6.3
Xen Xen 4.6.4
Xen Xen 4.8.0
Xen Xen 4.8.1
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.7.2
Xen Xen 4.7.3
Xen Xen 4.5.3
Xen Xen 4.5.5
Xen Xen 4.7.0
Xen Xen 4.7.1
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.6.5
Xen Xen 4.6.6
Xen Xen 4.9.0
605
VMScore
CVE-2017-8905
Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.6.3
Xen Xen 4.6.5
Xen Xen 4.6.4
Xen Xen 4.6.2
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »