Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xenserver vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2017-10917
Xen up to and including 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
Xen Xen
10
CVSSv3
CVE-2017-10918
Xen up to and including 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
Xen Xen
10
CVSSv3
CVE-2017-10920
The grant-table feature in Xen up to and including 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain p...
Xen Xen
10
CVSSv3
CVE-2017-10921
The grant-table feature in Xen up to and including 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS a...
Xen Xen
7.5
CVSSv3
CVE-2017-10922
The grant-table feature in Xen up to and including 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
Xen Xen
8.8
CVSSv3
CVE-2017-8903
Xen up to and including 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
8.8
CVSSv3
CVE-2017-8904
Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
8.8
CVSSv3
CVE-2017-8905
Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.6.3
Xen Xen 4.6.5
Xen Xen 4.6.4
Xen Xen 4.6.2
1 Github repository
8.2
CVSSv3
CVE-2017-7228
An issue (known as XSA-212) exists in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input...
Xen Xen -
1 EDB exploit
6.5
CVSSv3
CVE-2017-5572
An issue exists in Linux Foundation xapi in Citrix XenServer up to and including 7.0. An authenticated read-only administrator can corrupt the host database.
Citrix Xenserver 7.0
Citrix Xenserver 6.5
Citrix Xenserver 6.2.0
Citrix Xenserver 6.0.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »