Citrix: >> Xenserver Security Vulnerabilities
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-01-30
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
CVSS Score
4.9
EPSS Score
0.004
Published
2017-01-30
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVSS Score
6.0
EPSS Score
0.001
Published
2017-01-26
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-01-26
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVSS Score
7.9
EPSS Score
0.001
Published
2017-01-23
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-01-23
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2017-01-23
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-01-23
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-01-23
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
CVSS Score
6.0
EPSS Score
0.001
Published
2017-01-23