Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xenserver vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2017-8904
Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
6.8
CVSSv2
CVE-2017-8905
Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.6.3
Xen Xen 4.6.5
Xen Xen 4.6.4
Xen Xen 4.6.2
1 Github repository
6.4
CVSSv2
CVE-2014-4948
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and previous versions allows malicious users to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
Citrix Xenserver 6.2.0
6.1
CVSSv2
CVE-2014-3798
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and previous versions allows remote malicious users to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
Citrix Xenserver 6.2.0
Citrix Xenserver 6.0
Citrix Xenserver 6.0.2
Citrix Xenserver 6.1.0
6.1
CVSSv2
CVE-2018-7541
An issue exists in Xen up to and including 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
Xen Xen
Debian Debian Linux 9.0
6.1
CVSSv2
CVE-2012-3495
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and previous versions uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to ...
Xen Xen 4.1.0
Xen Xen 4.1.1
Citrix Xenserver 5.5
Citrix Xenserver 5.0
Citrix Xenserver 5.6
Citrix Xenserver
Citrix Xenserver 6.0
Xen Xen 4.1.2
Xen Xen 4.1.3
6
CVSSv2
CVE-2009-3759
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote malicious users to hijack the authentication of administrators for (1) requests that change the password via the username parameter to confi...
Citrix Xencenterweb -
1 EDB exploit
5.6
CVSSv2
CVE-2012-3498
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and previous versions allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.
Xen Xen 4.1.0
Xen Xen 4.2.0
Citrix Xenserver
5.5
CVSSv2
CVE-2017-5572
An issue exists in Linux Foundation xapi in Citrix XenServer up to and including 7.0. An authenticated read-only administrator can corrupt the host database.
Citrix Xenserver 7.0
Citrix Xenserver 6.5
Citrix Xenserver 6.2.0
Citrix Xenserver 6.0.2
5
CVSSv2
CVE-2017-10922
The grant-table feature in Xen up to and including 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
Xen Xen
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »