The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of XenServer

Xen: privilege escalation via Grant Table Operations
An attacker, inside a guest system, can bypass restrictions via Grant Table Operations of Xen, in order to escalate his privileges on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CTX224740, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, DLA-1132-1, DSA-3969-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:1826-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-23035, XSA-224
Xen: privilege escalation via Stale P2M Mappings
An attacker, inside a guest system, can bypass restrictions via Stale P2M Mappings of Xen, in order to escalate his privileges on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CTX224740, CVE-2017-10918, DLA-1132-1, DSA-3969-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:1826-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-23033, XSA-222
Xen: NULL pointer dereference via Event Channel Poll
An attacker, inside a guest system, can force a NULL pointer to be dereferenced via Event Channel Poll of Xen, in order to trigger a denial of service on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CTX224740, CVE-2017-10917, DSA-3969-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:1826-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-23032, XSA-221
Xen: privilege escalation via Shadow Emulation
An attacker, inside a guest system, can bypass restrictions via Shadow Emulation of Xen, in order to escalate his privileges on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CTX224740, CVE-2017-10915, DLA-1132-1, DSA-3969-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:1826-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-23030, XSA-219
Xen: privilege escalation via Grant Table Unmap
An attacker, inside a guest system, can bypass restrictions via Grant Table Unmap of Xen, in order to escalate his privileges on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CTX224740, CVE-2017-10913, CVE-2017-10914, DLA-1132-1, DSA-3969-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:1826-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-23029, XSA-218
Xen: privilege escalation via Page Transfer
An attacker, inside a guest system, can bypass restrictions via Page Transfer of Xen, in order to escalate his privileges on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CTX224740, CVE-2017-10912, DLA-1132-1, DSA-3969-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:1826-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-23028, XSA-217
Xen: information disclosure via Block Interface Response
A local attacker, inside a guest system, can read a memory fragment via Block Interface Response of Xen, in order to obtain sensitive information on the host system...
CERTFR-2017-AVI-190, CERTFR-2017-AVI-195, CERTFR-2017-AVI-384, CTX224740, CVE-2017-10911, DLA-1099-1, DLA-1497-1, DSA-3920-1, DSA-3927-1, FEDORA-2017-b3bdaf58bc, FEDORA-2017-c3149b5fcb, openSUSE-SU-2017:2938-1, openSUSE-SU-2017:2941-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2924-1, SUSE-SU-2017:2936-1, SUSE-SU-2017:2946-1, USN-3414-1, USN-3414-2, USN-3468-1, USN-3468-2, USN-3468-3, USN-3469-1, USN-3469-2, USN-3470-1, USN-3470-2, VIGILANCE-VUL-23027, XSA-216
Xen: page table corruption via the IRET hypercall
A privileged attacker in the guest system can generate a memory corruption via the IRET hypercall of Xen, in order to get hight privileges on the host system...
1231, CERTFR-2017-AVI-137, CTX223291, CVE-2017-8903, DLA-964-1, FEDORA-2017-5ae70ac6a5, FEDORA-2017-c9d71f0860, SUSE-SU-2017:1146-1, VIGILANCE-VUL-22622, XSA-213
Xen: memory corruption via the fallback exception handler
An attacker, inside a guest system, can generate a memory corruption via the exception handler of Xen, in order to trigger a denial of service, and possibly to run code on the host system...
CERTFR-2017-AVI-137, CTX223291, CVE-2017-8905, DLA-964-1, FEDORA-2017-c9d71f0860, SUSE-SU-2017:1715-1, SUSE-SU-2017:1770-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, VIGILANCE-VUL-22627, XSA-215
Xen: segment table corruption in inter-guest communication
A privileged attacker, inside a guest system, can tamper with the segment table via Xen communication support, in order to escalate his privileges on the host system...
CERTFR-2017-AVI-137, CTX223291, CVE-2017-8904, DLA-964-1, FEDORA-2017-5ae70ac6a5, FEDORA-2017-c9d71f0860, SUSE-SU-2017:1146-1, VIGILANCE-VUL-22625, XSA-214
Our database contains other pages. You can request a free trial to read them.

Display information about XenServer: