CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-3498 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3498
23 Nov 2012 — PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. PHYSDEVOP_map_pirq en Xen v4.1 y v4.2 y Citrix XenServer v6.0.2 y anteriores permite a un kernel OS HVM invitado causar una denegación de servicio (caída del host) y posiblemente leer hipervisor o memoria mediante vectores relacionados con una falta de c... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 7.9EPSS: 0%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2619
https://notcve.org/view.php?id=CVE-2010-2619
02 Jul 2010 — Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." Citrix XenServer v5.0 Update 2 y anteriores, y v5.5 Update 1 y anteriores, cuando se utiliza un kernel pvops, permite causar una denegación de servicio a los usuarios invitados en el host a través de vectores no especificados que se generan "banderas con valores incorrectos". • http://secunia.com/advisories/40282 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0633
https://notcve.org/view.php?id=CVE-2010-0633
12 Feb 2010 — Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors. Vulnerabilidad sin especificar en Citrix XenServer v5.0 Update 3 y anteriores, y v5.5, permite a usuarios locales evitar la autenticación y ejecutar llamadas API (XAPI) sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/38431 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3253
https://notcve.org/view.php?id=CVE-2008-3253
22 Jul 2008 — Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en las interfaces XenAPI HTTP en Citrix XenServer Express, Standard, y Enterprise Edition 4.1.0; C... • http://secunia.com/advisories/31133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •