Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xenserver vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-10914
The grant-table feature in Xen up to and including 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
Xen Xen
890
VMScore
CVE-2017-10918
Xen up to and including 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
Xen Xen
890
VMScore
CVE-2017-10920
The grant-table feature in Xen up to and including 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain p...
Xen Xen
837
VMScore
CVE-2017-10917
Xen up to and including 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
Xen Xen
445
VMScore
CVE-2017-10922
The grant-table feature in Xen up to and including 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
Xen Xen
641
VMScore
CVE-2017-8903
Xen up to and including 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
605
VMScore
CVE-2017-8904
Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
605
VMScore
CVE-2017-8905
Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.6.3
Xen Xen 4.6.5
Xen Xen 4.6.4
Xen Xen 4.6.2
1 Github repository
725
VMScore
CVE-2017-7228
An issue (known as XSA-212) exists in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input...
Xen Xen -
1 EDB exploit
356
VMScore
CVE-2017-5573
An issue exists in Linux Foundation xapi in Citrix XenServer up to and including 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
Citrix Xenserver 6.5
Citrix Xenserver 6.0.2
Citrix Xenserver 6.2.0
Citrix Xenserver 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »