Vulnerabilities > Citrix > Xenserver > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-9386 | Permissions, Privileges, and Access Controls vulnerability in multiple products The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | 4.6 |
| 2017-01-23 | CVE-2016-9385 | Improper Input Validation vulnerability in multiple products The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. | 4.9 |
| 2017-01-23 | CVE-2016-9382 | Permissions, Privileges, and Access Controls vulnerability in multiple products Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | 4.6 |
| 2017-01-23 | CVE-2016-9381 | Race Condition vulnerability in multiple products Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | 6.9 |
| 2017-01-23 | CVE-2016-9380 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | 4.6 |
| 2017-01-23 | CVE-2016-9379 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | 4.6 |
| 2016-08-02 | CVE-2016-6259 | Improper Input Validation vulnerability in multiple products Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | 4.9 |
| 2016-05-11 | CVE-2016-3712 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | 5.5 |
| 2016-04-13 | CVE-2015-8555 | Information Exposure vulnerability in multiple products Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. | 5.0 |
| 2016-01-22 | CVE-2016-1571 | Code vulnerability in multiple products The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | 4.7 |