Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xenserver vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2009-3759
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote malicious users to hijack the authentication of administrators for (1) requests that change the password via the username parameter to confi...
Citrix Xencenterweb -
1 EDB exploit
8.6
CVSSv3
CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and previous versions do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vect...
Citrix Xenserver 6.0
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.6.0
Xen Xen 4.3.4
Xen Xen 4.3.3
Xen Xen 4.4.1
Xen Xen 4.4.0
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.3.0
Xen Xen 4.4.4
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.6.1
8.2
CVSSv3
CVE-2017-7228
An issue (known as XSA-212) exists in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input...
Xen Xen -
1 EDB exploit
8.1
CVSSv3
CVE-2017-10914
The grant-table feature in Xen up to and including 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
Xen Xen
7.8
CVSSv3
CVE-2012-4606
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
Citrix Xenserver 4.1
Citrix Xenserver 5.0
Citrix Xenserver 5.5
Citrix Xenserver 5.6
Citrix Xenserver 6.0
7.8
CVSSv3
CVE-2018-19961
An issue exists in Xen up to and including 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
Xen Xen
Debian Debian Linux 9.0
Citrix Xenserver 7.0
Citrix Xenserver 7.5
Citrix Xenserver 7.6
Citrix Xenserver 7.1
7.8
CVSSv3
CVE-2018-19962
An issue exists in Xen up to and including 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
Xen Xen
Debian Debian Linux 9.0
Citrix Xenserver 7.0
Citrix Xenserver 7.5
Citrix Xenserver 7.6
Citrix Xenserver 7.1
7.8
CVSSv3
CVE-2018-15471
An issue exists in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel up to and including 4.18.1, as used in Xen up to and including 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. W...
Xen Xen
Linux Linux Kernel
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
7.8
CVSSv3
CVE-2017-17563
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode.
Xen Xen
7.8
CVSSv3
CVE-2017-17564
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Xen Xen
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »