Vulnerabilities > Citrix > Xenserver

DATE CVE VULNERABILITY TITLE RISK
2024-06-13 CVE-2024-5661 Unspecified vulnerability in Citrix Hypervisor and Xenserver
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
local
low complexity
citrix
6.0
2020-01-23 CVE-2012-4606 Improper Privilege Management vulnerability in Citrix Xenserver
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
local
low complexity
citrix CWE-269
7.8
2019-07-11 CVE-2014-3798 Improper Input Validation vulnerability in Citrix Xenserver
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
low complexity
citrix CWE-20
6.5
2018-12-08 CVE-2018-19965 An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code.
local
high complexity
xen citrix debian
5.6
2018-12-08 CVE-2018-19962 Information Exposure vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
local
high complexity
xen debian citrix CWE-200
7.8
2018-12-08 CVE-2018-19961 Incomplete Cleanup vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
local
high complexity
xen debian citrix CWE-459
7.8
2018-08-15 CVE-2018-14007 Path Traversal vulnerability in Citrix Xenserver 7.1/7.4/7.5
Citrix XenServer 7.1 and newer allows Directory Traversal.
network
low complexity
citrix CWE-22
critical
9.8
2018-07-27 CVE-2016-9603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest.
network
low complexity
qemu redhat citrix debian CWE-119
critical
9.9
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
9.9
2018-07-03 CVE-2017-2615 Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen
critical
9.1