CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5661 – Potential Denial of Service affecting XenServer and Citrix Hypervisor
https://notcve.org/view.php?id=CVE-2024-5661
13 Jun 2024 — An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. Se ha identificado un problema tanto en XenServer 8 como en Citrix Hypervisor 8.2 CU1 LTSR que puede permitir que un administrador malintencionado de una máquina virtual invitada haga que el host se vuelva lento o no responda. • https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661 •
CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-9382 – Gentoo Linux Security Advisory 201612-56
https://notcve.org/view.php?id=CVE-2016-9382
02 Jan 2017 — Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. Xen 4.0.x hasta la versión 4.7.x administra mal los conmutadores de tareas x86 para el modo VM86, lo que permite a usuarios locales del SO invitado x86 HVM de 32-bit obtener privilegios o provocar una denegación de... • http://www.securityfocus.com/bid/94470 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2016-6258 – Debian Security Advisory 3633-1
https://notcve.org/view.php?id=CVE-2016-6258
28 Jul 2016 — The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. El código de tabla de página PV en arch/x86/mm.c en Xen 4.7.x y versiones anteriores permite a administradores 32-bit PV locales del SO invitado obtener privilegios de administrador del SO mediante el aprovechamiento de fast_paths para la actualización de las entradas de la tabla de página. An update that solves 27 ... • http://support.citrix.com/article/CTX214954 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5302
https://notcve.org/view.php?id=CVE-2016-5302
13 Jun 2016 — Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. Citrix XenServer 7.0 en versiones anteriores a Hotfix XS70E003, cuando un despliegue se ha actualizado desde una versión anterior, podría permitir a atacantes remotos en la red de gestión "comprometer" un host aprovechando las credenciales para una cuenta Active Direct... • http://support.citrix.com/article/CTX213549 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 0CVE-2016-3712 – qemu-kvm: Out-of-bounds read when creating weird vga screen surface
https://notcve.org/view.php?id=CVE-2016-3712
10 May 2016 — Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Desbordamiento de entero en el módulo VGA en QEMU permite a usuarios de SO invitado locales provocar una denegación de servicio (lectura fuera de límites y caída de proceso QEMU) editando registros VGA en modo VBE. An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA r... • http://rhn.redhat.com/errata/RHSA-2016-2585.html • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 0CVE-2016-3710 – qemu: incorrect banked access bounds checking in vga module
https://notcve.org/view.php?id=CVE-2016-3710
09 May 2016 — The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. El módulo VGA en QEMU lleva a cabo incorrectamente comprobaciones de límites sobre acceso almacenado a la memoria de vídeo, lo que permite a administradores locales de SO invitado ejecutar código arbitrario sobre el anfitrión cambiando los modos de ac... • http://rhn.redhat.com/errata/RHSA-2016-0724.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.3EPSS: 0%CPEs: 37EXPL: 0CVE-2016-1571 – Debian Security Advisory 3519-1
https://notcve.org/view.php?id=CVE-2016-1571
22 Jan 2016 — The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. La función paging_invlpg en include/asm-x86/paging.h en Xen 3.3.x hasta la versión 4.6.x, cuando se utiliza paginación en modo shadow o la virtualización anidada está habilitada, permite a us... • http://support.citrix.com/article/CTX205496 • CWE-17: DEPRECATED: Code •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-5512 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-5512
13 Dec 2012 — Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. Un error índice de matriz en el controlador de HVMOP_set_mem_access en Xen v4.1 permite causar una denegación de servicio (caída del S.O.) u obtener información sensible a los administradores de sistemas operativos invitados en el HVM local a través de vectores no especificados. Multiple vulnerabilities have be... • http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html • CWE-16: Configuration •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3516
https://notcve.org/view.php?id=CVE-2012-3516
23 Nov 2012 — The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. La sub-operación GNTTABOP_swap_grant_ref en el "grant table hypercall" en Xen v4.2 y Citrix XenServer v6.0.2 permite a los kernels locales de invitado o administradores causar una denegación ... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2012-3495 – Gentoo Linux Security Advisory 201309-24
https://notcve.org/view.php?id=CVE-2012-3495
23 Nov 2012 — The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. La hypercall physdev_get_free_pirq en arch/x86/physdev.c en Xen v4.1.x y Citrix XenServer v6.0.2 y anteriores utiliza el val... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html • CWE-20: Improper Input Validation •