Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-11 CVE-2017-8905 Incorrect Calculation vulnerability in XEN
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
local
low complexity
xen CWE-682
8.8
2017-05-11 CVE-2017-8904 Unspecified vulnerability in XEN 4.8.0/4.8.1
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
local
low complexity
xen
8.8
2017-05-11 CVE-2017-8903 Unspecified vulnerability in XEN 4.8.0/4.8.1
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
local
low complexity
xen
8.8
2017-04-04 CVE-2017-7228 Improper Validation of Array Index vulnerability in XEN
An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x.
local
low complexity
xen CWE-129
8.2
2017-01-26 CVE-2016-10013 Permissions, Privileges, and Access Controls vulnerability in XEN
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
local
low complexity
xen CWE-264
7.8
2017-01-23 CVE-2016-9386 Permissions, Privileges, and Access Controls vulnerability in multiple products
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
local
low complexity
citrix xen CWE-264
7.8
2017-01-23 CVE-2016-9383 Improper Input Validation vulnerability in multiple products
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.
local
low complexity
xen citrix CWE-20
8.8
2017-01-23 CVE-2016-9382 Permissions, Privileges, and Access Controls vulnerability in multiple products
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.
local
low complexity
xen citrix CWE-264
7.8
2017-01-23 CVE-2016-9380 Improper Input Validation vulnerability in multiple products
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
local
high complexity
xen citrix CWE-20
7.5
2017-01-23 CVE-2016-9379 Improper Input Validation vulnerability in multiple products
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
local
low complexity
xen citrix CWE-20
7.9