threat
engine
.sh
Back
·
··:··
Home
/
Product
/
citrix xenserver
Product
citrix xenserver
50 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-5661
all versions
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a
6.0
MEDIUM
CVE-2012-4606
all versions
Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Priv
7.8
HIGH
CVE-2014-3798
all versions
The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS cra
6.5
MEDIUM
CVE-2018-19965
all versions
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) becau
5.6
MEDIUM
CVE-2018-19962
all versions
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges be
7.8
HIGH
CVE-2018-19961
all versions
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges be
7.8
HIGH
CVE-2018-14007
all versions
Citrix XenServer 7.1 and newer allows Directory Traversal.
9.8
CRITICAL
CVE-2016-9603
all versions
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue c
5.5
MEDIUM
CVE-2017-2620
all versions
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access iss
5.5
MEDIUM
CVE-2017-2615
all versions
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It coul
5.5
MEDIUM
CVE-2018-3665
all versions
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow
5.6
MEDIUM
CVE-2018-8897
all versions
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandl
7.8
HIGH
CVE-2017-12137
all versions
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
8.8
HIGH
CVE-2017-12136
all versions
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of servic
7.8
HIGH
CVE-2017-12135
all versions
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges v
8.8
HIGH
CVE-2017-12134
all versions
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device d
8.8
HIGH
CVE-2015-7705
all versions
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via
9.8
CRITICAL
CVE-2015-7704
all versions
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a numbe
7.5
HIGH
CVE-2016-9637
all versions
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 H
7.5
HIGH
CVE-2017-5573
all versions
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can
4.9
MEDIUM
CVE-2017-5572
all versions
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cor
6.5
MEDIUM
CVE-2016-10025
all versions
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS
5.5
MEDIUM
CVE-2016-10024
all versions
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifyin
6.0
MEDIUM
CVE-2016-9386
all versions
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM g
7.8
HIGH
CVE-2016-9385
all versions
The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause
6.0
MEDIUM
CVE-2016-9383
all versions
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensi
8.8
HIGH
CVE-2016-9382
all versions
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privile
7.8
HIGH
CVE-2016-9381
all versions
Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared r
7.5
HIGH
CVE-2016-9380
all versions
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administ
7.5
HIGH
CVE-2016-9379
all versions
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administr
7.9
HIGH
CVE-2016-6259
all versions
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event deliv
6.2
MEDIUM
CVE-2016-6258
all versions
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS pri
8.8
HIGH
CVE-2016-5302
<= 7.0
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attac
9.8
CRITICAL
CVE-2016-3712
<= 7.0
Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU p
5.5
MEDIUM
CVE-2016-3710
<= 7.0
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administr
8.8
HIGH
CVE-2015-8555
all versions
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to ma
8.6
HIGH
CVE-2016-1571
<= 6.5
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtual
6.3
MEDIUM
CVE-2015-4106
all versions
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local
CVE-2014-4948
all versions
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obt
CVE-2014-4947
all versions
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and
CVE-2012-5512
all versions
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of ser
CVE-2012-3516
<= 6.0.2
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest ke
CVE-2012-3498
<= 6.0.2
PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial o
CVE-2012-3496
<= 6.0.2
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used
CVE-2012-3495
<= 6.0.2
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return valu
CVE-2012-3494
<= 6.0.2
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when ru
CVE-2012-0217
<= 6.0.2
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other prod
CVE-2010-2619
<= 5.5
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a
CVE-2010-0633
<= 5.0
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and e
CVE-2008-3253
all versions
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Editi
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin