Vulnerabilities > Citrix > Xenserver > 6.1.0

DATE CVE VULNERABILITY TITLE RISK
2019-07-11 CVE-2014-3798 Improper Input Validation vulnerability in Citrix Xenserver
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.
low complexity
citrix CWE-20
6.1
2016-06-13 CVE-2016-5302 Improper Access Control vulnerability in Citrix Xenserver
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
network
low complexity
citrix CWE-284
7.5
2016-05-11 CVE-2016-3712 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.
5.5
2016-05-11 CVE-2016-3710 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
7.2
2015-06-03 CVE-2015-4106 Incorrect Authorization vulnerability in multiple products
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
4.6