cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-5661,https://securityvulnerability.io/vulnerability/CVE-2024-5661,Potential Denial of Service affecting XenServer and Citrix Hypervisor,An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.,Citrix,"Citrix Hypervisor,Xenserver",6,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-13T05:58:45.694Z,0
CVE-2012-4606,https://securityvulnerability.io/vulnerability/CVE-2012-4606,Local Privilege Escalation Vulnerability in Citrix XenServer Products,"Citrix XenServer contains a local privilege escalation vulnerability that allows local users with access to a guest operating system to potentially elevate their privileges. This issue affects various versions of XenServer, making it critical for administrators to implement necessary updates and configurations to mitigate the risks associated with unauthorized access. For further details, consult related security advisories.",Citrix,Xenserver,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-01-23T21:39:51.000Z,0
CVE-2014-3798,https://securityvulnerability.io/vulnerability/CVE-2014-3798,Denial of Service Vulnerability in Citrix XenServer by Remote Attackers,"The Windows Guest Tools in Citrix XenServer versions 6.2 SP1 and earlier are susceptible to a vulnerability that allows remote attackers to exploit crafted Ethernet frames, potentially leading to a denial of service that crashes the guest operating system. This issue poses a significant risk, as it can disrupt the availability of services relying on the affected guest OS.",Citrix,Xenserver,6.5,MEDIUM,0.003599999938160181,false,,false,false,false,,,false,false,,2019-07-11T19:14:08.000Z,0
CVE-2018-14007,https://securityvulnerability.io/vulnerability/CVE-2018-14007,,Citrix XenServer 7.1 and newer allows Directory Traversal.,Citrix,Xenserver,9.8,CRITICAL,0.007849999703466892,false,,false,false,false,,,false,false,,2018-08-15T18:00:00.000Z,0
CVE-2016-9637,https://securityvulnerability.io/vulnerability/CVE-2016-9637,,"The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.",Citrix,Xenserver,7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-02-17T02:59:00.000Z,0
CVE-2017-5573,https://securityvulnerability.io/vulnerability/CVE-2017-5573,,An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.,Citrix,Xenserver,4.9,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2017-01-30T16:00:00.000Z,0
CVE-2017-5572,https://securityvulnerability.io/vulnerability/CVE-2017-5572,,An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.,Citrix,Xenserver,6.5,MEDIUM,0.0012199999764561653,false,,false,false,false,,,false,false,,2017-01-30T16:00:00.000Z,0
CVE-2016-9386,https://securityvulnerability.io/vulnerability/CVE-2016-9386,,"The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving ""unexpected"" base/limit values.",Citrix,Xenserver,7.8,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2017-01-23T21:00:00.000Z,0
CVE-2016-5302,https://securityvulnerability.io/vulnerability/CVE-2016-5302,,"Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to ""compromise"" a host by leveraging credentials for an Active Directory account.",Citrix,Xenserver,9.8,CRITICAL,0.007470000069588423,false,,false,false,false,,,false,false,,2016-06-13T14:00:00.000Z,0
CVE-2015-8555,https://securityvulnerability.io/vulnerability/CVE-2015-8555,,"Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.",Citrix,Xenserver,8.6,HIGH,0.0032999999821186066,false,,false,false,false,,,false,false,,2016-04-13T15:00:00.000Z,0
CVE-2016-1571,https://securityvulnerability.io/vulnerability/CVE-2016-1571,,"The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.",Citrix,Xenserver,6.3,MEDIUM,0.0021100000012665987,false,,false,false,false,,,false,false,,2016-01-22T15:00:00.000Z,0
CVE-2014-4948,https://securityvulnerability.io/vulnerability/CVE-2014-4948,,Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).,Citrix,Xenserver,,,0.004509999882429838,false,,false,false,false,,,false,false,,2014-07-22T20:00:00.000Z,0
CVE-2014-4947,https://securityvulnerability.io/vulnerability/CVE-2014-4947,,Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.,Citrix,Xenserver,,,0.006630000192672014,false,,false,false,false,,,false,false,,2014-07-22T20:00:00.000Z,0
CVE-2012-5512,https://securityvulnerability.io/vulnerability/CVE-2012-5512,,Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.,Citrix,Xenserver,,,0.0006600000197067857,false,,false,false,false,,,false,false,,2012-12-13T11:00:00.000Z,0
CVE-2012-3496,https://securityvulnerability.io/vulnerability/CVE-2012-3496,,"XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.",Citrix,"Xenserver,Xen",,,0.0006399999838322401,false,,false,false,false,,,false,false,,2012-11-23T20:00:00.000Z,0
CVE-2012-3516,https://securityvulnerability.io/vulnerability/CVE-2012-3516,,The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.,Citrix,"Xenserver,Xen",,,0.0006200000061653554,false,,false,false,false,,,false,false,,2012-11-23T20:00:00.000Z,0
CVE-2012-3498,https://securityvulnerability.io/vulnerability/CVE-2012-3498,,PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.,Citrix,"Xenserver,Xen",,,0.0006399999838322401,false,,false,false,false,,,false,false,,2012-11-23T20:00:00.000Z,0
CVE-2010-2619,https://securityvulnerability.io/vulnerability/CVE-2010-2619,,"Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger ""incorrectly set flags.""",Citrix,Xenserver,,,0.000590000010561198,false,,false,false,false,,,false,false,,2010-07-02T20:30:00.000Z,0
CVE-2010-0633,https://securityvulnerability.io/vulnerability/CVE-2010-0633,,"Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.",Citrix,Xenserver,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2010-02-12T22:30:00.000Z,0
CVE-2008-3253,https://securityvulnerability.io/vulnerability/CVE-2008-3253,,"Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",Citrix,Xenserver,,,0.0025100000202655792,false,,false,false,false,,,false,false,,2008-07-22T16:00:00.000Z,0