Citrix Xen Server

By the Year

In 2021 there have been 0 vulnerabilities in Citrix Xen Server. Xen Server did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2021    0                  0.00
2020    0                  0.00
2019    0                  0.00
2018    6                  7.40

It may take a day or so for new Xen Server vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Citrix Xen Server Security Vulnerabilities

CVE-2018-19961 7.8 - High - December 08, 2018

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.

Insufficient Cleanup

CVE-2018-19962 7.8 - High - December 08, 2018

An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.

Information Disclosure

CVE-2018-19965 5.6 - Medium - December 08, 2018

An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.

CVE-2018-14007 9.8 - Critical - August 15, 2018

Citrix XenServer 7.1 and newer allows Directory Traversal.

Directory traversal

CVE-2018-3665 5.6 - Medium - June 21, 2018

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.

Information Disclosure

CVE-2018-8897 7.8 - High - May 08, 2018

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.

Race Condition

CVE-2015-7704 7.5 - High - August 07, 2017

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

Improper Input Validation

CVE-2015-7705 9.8 - Critical - August 07, 2017

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

Improper Input Validation

CVE-2016-3710 8.8 - High - May 11, 2016

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Buffer Overflow

CVE-2016-3712 5.5 - Medium - May 11, 2016

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

CWE-190: Integer Overflow or Wraparound

CVE-2015-4106 - June 03, 2015

QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.

AuthZ
