Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2016-9380 Improper Input Validation vulnerability in multiple products
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
local
low complexity
xen citrix CWE-20
4.6
2017-01-23 CVE-2016-9379 Improper Input Validation vulnerability in multiple products
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
local
low complexity
xen citrix CWE-20
4.6
2016-09-21 CVE-2016-7092 Permissions, Privileges, and Access Controls vulnerability in XEN
The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
local
low complexity
xen CWE-264
6.8
2016-08-02 CVE-2016-6259 Improper Input Validation vulnerability in multiple products
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.
local
low complexity
xen citrix CWE-20
4.9
2016-06-07 CVE-2016-5242 Denial of Service vulnerability in Xen VMID Exhaustion
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them, related to VMID exhaustion.
local
xen
4.7
2016-06-07 CVE-2016-4962 Permissions, Privileges, and Access Controls vulnerability in multiple products
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
local
low complexity
oracle xen CWE-264
6.8
2016-05-25 CVE-2014-3672 Resource Exhaustion vulnerability in multiple products
The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.
local
low complexity
redhat xen CWE-400
6.5
2016-04-14 CVE-2015-8554 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path."
local
xen CWE-119
6.6
2016-04-14 CVE-2015-8550 Improper Access Control vulnerability in multiple products
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.
local
low complexity
xen novell CWE-284
5.7
2016-04-13 CVE-2015-8555 Information Exposure vulnerability in multiple products
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.
network
low complexity
citrix xen CWE-200
5.0