Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xenserver vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2017-10915
The shadow-paging feature in Xen up to and including 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
Xen Xen
837
VMScore
CVE-2017-10917
Xen up to and including 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
Xen Xen
890
VMScore
CVE-2017-10920
The grant-table feature in Xen up to and including 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain p...
Xen Xen
890
VMScore
CVE-2017-10921
The grant-table feature in Xen up to and including 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS a...
Xen Xen
445
VMScore
CVE-2017-10922
The grant-table feature in Xen up to and including 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
Xen Xen
641
VMScore
CVE-2018-10982
An issue exists in Xen up to and including 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-...
Xen Xen
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
187
VMScore
CVE-2017-12855
Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is free to modify/reuse the grant entry when it is not in use. Under some circumstances...
Xen Xen 4.6.0
Xen Xen 4.7.0
Xen Xen 4.5.5
Xen Xen 4.6.6
Xen Xen 4.6.4
Xen Xen 4.6.3
Xen Xen 4.7.1
Xen Xen 4.5.2
Xen Xen 4.6.1
Xen Xen 4.8.0
Xen Xen 4.5.3
Xen Xen 4.9.0
Xen Xen 4.8.1
Xen Xen 4.7.3
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.6.5
Xen Xen 4.7.2
614
VMScore
CVE-2017-17564
An issue exists in Xen up to and including 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
Xen Xen
641
VMScore
CVE-2017-8903
Xen up to and including 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Xen Xen 4.8.0
Xen Xen 4.8.1
1 Github repository
605
VMScore
CVE-2017-8904
Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen Xen 4.8.0
Xen Xen 4.8.1
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »