Vulnerabilities > Citrix > Xenserver > 6.0

DATE CVE VULNERABILITY TITLE RISK
2020-01-23 CVE-2012-4606 Improper Privilege Management vulnerability in Citrix Xenserver
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.
local
low complexity
citrix CWE-269
7.8
2019-07-11 CVE-2014-3798 Improper Input Validation vulnerability in Citrix Xenserver
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
low complexity
citrix CWE-20
6.5
2016-08-02 CVE-2016-6259 Improper Input Validation vulnerability in multiple products
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
local
low complexity
xen citrix CWE-20
6.2
2016-08-02 CVE-2016-6258 Improper Access Control vulnerability in multiple products
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
local
low complexity
xen citrix CWE-284
8.8
2016-06-13 CVE-2016-5302 Improper Access Control vulnerability in Citrix Xenserver
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
network
low complexity
citrix CWE-284
critical
9.8
2016-05-11 CVE-2016-3712 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
5.5
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
8.8
2016-04-13 CVE-2015-8555 Information Exposure vulnerability in multiple products
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
network
low complexity
citrix xen CWE-200
8.6