CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-3498 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3498
23 Nov 2012 — PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. PHYSDEVOP_map_pirq en Xen v4.1 y v4.2 y Citrix XenServer v6.0.2 y anteriores permite a un kernel OS HVM invitado causar una denegación de servicio (caída del host) y posiblemente leer hipervisor o memoria mediante vectores relacionados con una falta de c... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4606 – Citrix XenServer 6.0.2 Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-4606
30 Oct 2012 — Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. Citrix XenServer versiones 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0 y 5.0 Update 3, contiene una vulnerabilidad de Escalada de Privilegios Locales que podría permitir a usuarios locales con acceso a un sistema operativo... • http://www.securityfocus.com/bid/55432 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2012-3494 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3494
10 Sep 2012 — The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. La hiperllamada et_debugreg en include/asm-x86/debugreg.h en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando se ejecuta sobre systemas x86-64, permite a usuarios locales del SO invitado generar una... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2012-3496 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3496
10 Sep 2012 — XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. XENMEM_populate_physmap en Xen v4.0, v4.1, y v4.2, y Citrix XenServer v6.0.2 y anteriores, cuando el modo de traducción de página no se utiliza, permite a los kernels locales PV del SO invitado causar una denegación de servicio (caída d... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html • CWE-16: Configuration •
CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 5CVE-2012-0217 – FreeBSD Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2619
https://notcve.org/view.php?id=CVE-2010-2619
02 Jul 2010 — Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." Citrix XenServer v5.0 Update 2 y anteriores, y v5.5 Update 1 y anteriores, cuando se utiliza un kernel pvops, permite causar una denegación de servicio a los usuarios invitados en el host a través de vectores no especificados que se generan "banderas con valores incorrectos". • http://secunia.com/advisories/40282 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0633
https://notcve.org/view.php?id=CVE-2010-0633
12 Feb 2010 — Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors. Vulnerabilidad sin especificar en Citrix XenServer v5.0 Update 3 y anteriores, y v5.5, permite a usuarios locales evitar la autenticación y ejecutar llamadas API (XAPI) sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/38431 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3253
https://notcve.org/view.php?id=CVE-2008-3253
22 Jul 2008 — Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en las interfaces XenAPI HTTP en Citrix XenServer Express, Standard, y Enterprise Edition 4.1.0; C... • http://secunia.com/advisories/31133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •