Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.21%
Published
2008-07-22
Updated
2017-08-08
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
Max CVSS
4.6
EPSS Score
0.04%
Published
2010-02-12
Updated
2010-03-18
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
Max CVSS
1.9
EPSS Score
0.04%
Published
2010-07-02
Updated
2010-07-06

CVE-2012-0217

Public exploit
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Max CVSS
7.2
EPSS Score
0.06%
Published
2012-06-12
Updated
2020-09-28
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
Max CVSS
2.1
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.
Max CVSS
6.1
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-07-01
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.
Max CVSS
4.7
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.
Max CVSS
5.6
EPSS Score
0.06%
Published
2012-11-23
Updated
2017-08-29
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.
Max CVSS
6.9
EPSS Score
0.06%
Published
2012-11-23
Updated
2013-02-01
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-01-23
Updated
2020-02-03
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.
Max CVSS
3.2
EPSS Score
0.07%
Published
2012-12-13
Updated
2017-08-29
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
Max CVSS
6.5
EPSS Score
0.50%
Published
2019-07-11
Updated
2019-07-15
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.66%
Published
2014-07-22
Updated
2017-08-29
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
Max CVSS
6.4
EPSS Score
0.43%
Published
2014-07-22
Updated
2017-08-29
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
Max CVSS
4.6
EPSS Score
0.06%
Published
2015-06-03
Updated
2020-09-09
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
Max CVSS
7.5
EPSS Score
87.35%
Published
2017-08-07
Updated
2021-11-17
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
Max CVSS
9.8
EPSS Score
1.22%
Published
2017-08-07
Updated
2021-11-17
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
Max CVSS
8.6
EPSS Score
0.31%
Published
2016-04-13
Updated
2017-07-01
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.
Max CVSS
6.3
EPSS Score
0.21%
Published
2016-01-22
Updated
2018-10-30
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
Max CVSS
8.8
EPSS Score
0.15%
Published
2016-05-11
Updated
2021-08-04
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
Max CVSS
5.5
EPSS Score
0.05%
Published
2016-05-11
Updated
2023-02-12
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
Max CVSS
9.8
EPSS Score
0.86%
Published
2016-06-13
Updated
2016-06-20
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Max CVSS
8.8
EPSS Score
0.06%
Published
2016-08-02
Updated
2017-07-01
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
Max CVSS
6.2
EPSS Score
0.18%
Published
2016-08-02
Updated
2016-08-04
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
Max CVSS
7.9
EPSS Score
0.06%
Published
2017-01-23
Updated
2017-07-01
49 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!