Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-02-27 CVE-2016-9818 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
local
low complexity
xen CWE-284
6.5
2017-02-27 CVE-2016-9817 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
local
low complexity
xen CWE-284
6.5
2017-02-27 CVE-2016-9816 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
local
low complexity
xen CWE-284
6.5
2017-02-27 CVE-2016-9815 Improper Access Control vulnerability in XEN 4.7.0/4.7.1
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
local
low complexity
xen CWE-284
6.5
2017-02-22 CVE-2016-9384 Information Exposure vulnerability in XEN 4.7.0/4.7.1
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
local
low complexity
xen CWE-200
6.5
2017-02-22 CVE-2016-9378 Improper Access Control vulnerability in XEN
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
local
low complexity
xen CWE-284
5.5
2017-02-22 CVE-2016-9377 Incorrect Calculation vulnerability in XEN
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
local
low complexity
xen CWE-682
5.5
2017-01-26 CVE-2016-10025 NULL Pointer Dereference vulnerability in multiple products
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
local
low complexity
xen citrix CWE-476
5.5
2017-01-26 CVE-2016-10024 Improper Input Validation vulnerability in multiple products
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
local
low complexity
xen citrix CWE-20
6.0
2017-01-23 CVE-2016-9385 Improper Input Validation vulnerability in multiple products
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.
local
low complexity
xen citrix CWE-20
6.0