The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Citrix Hypervisor

vulnerability bulletin 28663

Xen: denial of service via Insufficient TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Insufficient TLB Flushing of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28663, XSA-294.

Description of the vulnerability

An attacker, inside a guest system, can trigger a fatal error via Insufficient TLB Flushing of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 28662

Xen: privilege escalation via PV Kernel Context Switch

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV Kernel Context Switch of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28662, XSA-293.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via PV Kernel Context Switch of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 28661

Xen: privilege escalation via Insufficient TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28661, XSA-292.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 28657

Xen: privilege escalation via Steal_page Page_struct Access Discipline

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Steal_page Page_struct Access Discipline of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Fedora, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 05/03/2019.
Identifiers: CERTFR-2019-AVI-089, CTX246572, FEDORA-2019-bce6498890, VIGILANCE-VUL-28657, XSA-287.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Steal_page Page_struct Access Discipline of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-19965

Xen: denial of service via INVPCID Non-canonical Addresses

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via INVPCID Non-canonical Addresses of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 21/11/2018.
Identifiers: CERTFR-2018-AVI-564, CERTFR-2018-AVI-566, CTX239432, CVE-2018-19965, DSA-4369-1, FEDORA-2018-2fde555d91, FEDORA-2019-3e89502cb1, FEDORA-2019-bce6498890, openSUSE-SU-2018:4111-1, openSUSE-SU-2018:4304-1, openSUSE-SU-2019:1226-1, SUSE-SU-2018:4070-1, SUSE-SU-2018:4300-1, SUSE-SU-2019:0003-1, SUSE-SU-2019:0020-1, SUSE-SU-2019:0827-1, SUSE-SU-2019:13921-1, SUSE-SU-2019:14011-1, VIGILANCE-VUL-27846, XSA-279.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via INVPCID Non-canonical Addresses of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-19961 CVE-2018-19962

Xen: privilege escalation via Insufficient AMD IOMMU TLB Flushing

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Impacted products: XenServer, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/11/2018.
Identifiers: CERTFR-2018-AVI-564, CERTFR-2018-AVI-566, CTX239432, CVE-2018-19961, CVE-2018-19962, DSA-4369-1, FEDORA-2018-2fde555d91, FEDORA-2019-3e89502cb1, FEDORA-2019-bce6498890, openSUSE-SU-2018:4111-1, openSUSE-SU-2018:4304-1, openSUSE-SU-2019:1226-1, SUSE-SU-2018:4070-1, SUSE-SU-2018:4300-1, SUSE-SU-2019:0003-1, SUSE-SU-2019:0020-1, SUSE-SU-2019:0825-1, SUSE-SU-2019:0827-1, SUSE-SU-2019:13921-1, SUSE-SU-2019:14011-1, VIGILANCE-VUL-27843, XSA-275.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via Insufficient TLB Flushing of Xen, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-18883

Xen: NULL pointer dereference via Disabled Nested VT-x

Synthesis of the vulnerability

An attacker, inside a guest system, can force a NULL pointer to be dereferenced via Disabled Nested VT-x of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 25/10/2018.
Identifiers: CERTFR-2018-AVI-514, CERTFR-2018-AVI-520, CTX239100, CVE-2018-18883, FEDORA-2018-2fde555d91, FEDORA-2018-73dd8de892, FEDORA-2018-a24754252a, FEDORA-2018-f20a0cead5, FEDORA-2019-3e89502cb1, openSUSE-SU-2018:4111-1, openSUSE-SU-2018:4304-1, SUSE-SU-2018:4070-1, SUSE-SU-2018:4300-1, SUSE-SU-2019:0003-1, VIGILANCE-VUL-27614, XSA-278.

Description of the vulnerability

An attacker, inside a guest system, can force a NULL pointer to be dereferenced via Disabled Nested VT-x of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-14007

Xen: privilege escalation via XAPI

Synthesis of the vulnerability

An attacker can bypass restrictions via XAPI of Xen, in order to escalate his privileges.
Impacted products: XenServer, Xen.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: intranet client.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-388, CERTFR-2018-AVI-391, CTX236548, CVE-2018-14007, VIGILANCE-VUL-27005, XSA-271.

Description of the vulnerability

An attacker can bypass restrictions via XAPI of Xen, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-15471

Xen: privilege escalation via Linux Netback Driver

Synthesis of the vulnerability

An attacker can bypass restrictions via Linux Netback Driver of Xen, in order to escalate his privileges.
Impacted products: XenServer, Debian, Fedora, Linux, Ubuntu, Xen.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading, denial of service on server.
Provenance: user shell.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-388, CERTFR-2018-AVI-391, CERTFR-2018-AVI-557, CTX236548, CVE-2018-15471, DLA-1715-1, DSA-4313-1, FEDORA-2018-79d7c3d2df, FEDORA-2018-8422d94975, USN-3819-1, USN-3820-1, USN-3820-2, USN-3820-3, VIGILANCE-VUL-27004, XSA-270.

Description of the vulnerability

An attacker can bypass restrictions via Linux Netback Driver of Xen, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-15468

Xen: denial of service via x86 MSR_DEBUGCTL

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via x86 MSR_DEBUGCTL of Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-388, CERTFR-2018-AVI-391, CTX236548, CVE-2018-15468, FEDORA-2018-683dfde81a, FEDORA-2018-915602df63, openSUSE-SU-2018:4304-1, SUSE-SU-2018:3332-1, SUSE-SU-2018:3490-1, SUSE-SU-2018:4300-1, VIGILANCE-VUL-27003, XSA-269.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via x86 MSR_DEBUGCTL of Xen, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Citrix Hypervisor: