Vulnerabilities > Citrix > Xenserver > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-24 | CVE-2017-12135 | Incorrect Calculation vulnerability in multiple products Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | 8.8 |
| 2017-08-24 | CVE-2017-12134 | Incorrect Calculation vulnerability in multiple products The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | 8.8 |
| 2017-08-07 | CVE-2015-7705 | Improper Input Validation vulnerability in multiple products The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | 9.8 |
| 2017-08-07 | CVE-2015-7704 | Improper Input Validation vulnerability in multiple products The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | 7.5 |
| 2017-02-17 | CVE-2016-9637 | Permissions, Privileges, and Access Controls vulnerability in Citrix Xenserver The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | 7.5 |
| 2017-01-30 | CVE-2017-5573 | Unspecified vulnerability in Citrix Xenserver An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 4.9 |
| 2017-01-30 | CVE-2017-5572 | Improper Privilege Management vulnerability in Citrix Xenserver An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 6.5 |
| 2017-01-26 | CVE-2016-10025 | NULL Pointer Dereference vulnerability in multiple products VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | 5.5 |
| 2017-01-26 | CVE-2016-10024 | Improper Input Validation vulnerability in multiple products Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | 6.0 |
| 2017-01-23 | CVE-2016-9386 | Permissions, Privileges, and Access Controls vulnerability in multiple products The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | 7.8 |