Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xenserver vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2017-10914
The grant-table feature in Xen up to and including 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
Xen Xen
9.1
CVSSv3
CVE-2017-10917
Xen up to and including 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
Xen Xen
10
CVSSv3
CVE-2017-10920
The grant-table feature in Xen up to and including 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain p...
Xen Xen
7.8
CVSSv3
CVE-2017-17564
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Xen Xen
8.8
CVSSv3
CVE-2017-14316
A parameter verification issue exists in Xen up to and including 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While...
Xen Xen
8.8
CVSSv3
CVE-2017-14319
A grant unmapping issue exists in Xen up to and including 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly, ...
Xen Xen
8.8
CVSSv3
CVE-2017-8903
Xen up to and including 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
8.8
CVSSv3
CVE-2017-8904
Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
8.8
CVSSv3
CVE-2017-8905
Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.6.3
Xen Xen 4.6.5
Xen Xen 4.6.4
Xen Xen 4.6.2
1 Github repository
7.8
CVSSv3
CVE-2017-15588
An issue exists in Xen up to and including 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
Xen Xen 4.9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »