CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5661 – Potential Denial of Service affecting XenServer and Citrix Hypervisor
https://notcve.org/view.php?id=CVE-2024-5661
13 Jun 2024 — An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. Se ha identificado un problema tanto en XenServer 8 como en Citrix Hypervisor 8.2 CU1 LTSR que puede permitir que un administrador malintencionado de una máquina virtual invitada haga que el host se vuelva lento o no responda. • https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-4606
https://notcve.org/view.php?id=CVE-2012-4606
23 Jan 2020 — Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. Citrix XenServer versiones 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0 y 5.0 Update 3, contiene una vulnerabilidad de Escalada de Privilegios Locales que podría permitir a usuarios locales con acceso a un sistema operativo... • http://www.securityfocus.com/bid/55432 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3798
https://notcve.org/view.php?id=CVE-2014-3798
11 Jul 2019 — The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. Las Herramientas para Invitados de Windows en Citrix XenServer versión 6.2 SP1 y anteriores, permiten a los atacantes remotos causar una denegación de servicio (fallo del Sistema Operativo invitado) por medio de una trama de Ethernet especialmente diseñada. • http://secunia.com/advisories/58455 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 6CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
08 May 2018 — A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, ... • https://packetstorm.news/files/id/148549 • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12135 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12135
24 Aug 2017 — Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. Xen permite que usuarios locales invitados del sistema operativo provoquen una denegación de servicio (bloqueo) o que tengan la posibilidad de obtener información sensible u obtener privilegios mediante vectores relacionados con concesiones transitivas. Multiple vulnerabilities have been found in Xen, the worst of which could allow for priv... • http://www.debian.org/security/2017/dsa-3969 • CWE-682: Incorrect Calculation •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2017-12137 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12137
24 Aug 2017 — arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. arch/x86/mm.c en Xen permite que usuarios locales PV del sistema operativo obtengan privilegios SO del host mediante vectores relacionados con map_grant_ref. Multiple vulnerabilities have been found in Xen, the worst of which could allow for privilege escalation. Versions less than 4.9.1-r1 are affected. • http://www.debian.org/security/2017/dsa-3969 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-12136 – Gentoo Linux Security Advisory 201801-14
https://notcve.org/view.php?id=CVE-2017-12136
24 Aug 2017 — Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. Una condición de carrera en el código de tabla de concesiones en Xen 4.6.x a 4.9.x permite que administradores invitados locales del sistema operativo provoquen una denegación de servicio (corrupción de lista libre y bloqueo del host) o que obtengan beneficios... • http://www.debian.org/security/2017/dsa-3969 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-12134 – Ubuntu Security Notice USN-3444-2
https://notcve.org/view.php?id=CVE-2017-12134
24 Aug 2017 — The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. La función xen_biovec_phys_mergeable en drivers/xen/biomerge.c en Xen podría permitir que usuarios invitados locales del sistema operativo corrompan transmisiones en bloque de datos del sistema y, conse... • http://www.debian.org/security/2017/dsa-3981 • CWE-682: Incorrect Calculation •
CVSS: 9.9EPSS: 0%CPEs: 24EXPL: 0CVE-2016-9603 – Qemu: cirrus: heap buffer overflow via vnc connection
https://notcve.org/view.php?id=CVE-2016-9603
18 Apr 2017 — A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en... • http://www.securityfocus.com/bid/96893 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.9EPSS: 0%CPEs: 32EXPL: 0CVE-2017-2620 – Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo
https://notcve.org/view.php?id=CVE-2017-2620
27 Feb 2017 — Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. Quick emulator (QEMU) en versiones anteriores a la 2.8 construido con el soporte del emulador Cirrus CLGD 54xx VGA Emulator es vulnerable a un p... • http://rhn.redhat.com/errata/RHSA-2017-0328.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •