Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-9383 | Improper Input Validation vulnerability in multiple products Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. | 8.8 |
| 2017-01-23 | CVE-2016-9382 | Permissions, Privileges, and Access Controls vulnerability in multiple products Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | 7.8 |
| 2017-01-23 | CVE-2016-9381 | Race Condition vulnerability in multiple products Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | 7.5 |
| 2017-01-23 | CVE-2016-9380 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | 7.5 |
| 2017-01-23 | CVE-2016-9379 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | 7.9 |
| 2017-01-18 | CVE-2016-9680 | Information Exposure vulnerability in Citrix Provisioning Services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | 7.5 |
| 2017-01-18 | CVE-2016-9679 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Provisioning Services Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | 9.8 |
| 2017-01-18 | CVE-2016-9678 | Use After Free vulnerability in Citrix Provisioning Services Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-01-18 | CVE-2016-9677 | Information Exposure vulnerability in Citrix Provisioning Services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | 5.3 |
| 2017-01-18 | CVE-2016-9676 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Provisioning Services Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | 9.8 |