RSS   Vulnerabilities for 'XEN'   RSS

2011-08-19
 
CVE-2011-3262

CWE-399
 

 
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

 
2011-08-12
 
CVE-2011-1898

CWE-264
 

 
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

 
 
CVE-2011-1583

CWE-189
 

 
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

 
2011-01-24
 
CVE-2010-4255

CWE-Other
 

 
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.

 
2011-01-10
 
CVE-2010-4247

CWE-20
 

 
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.

 
2011-01-22
 
CVE-2010-4238

CWE-264
 

 
The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information.

 
2010-12-08
 
CVE-2010-3699

CWE-399
 

 
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.

 
2008-12-24
 
CVE-2008-5716

CWE-264
 

 
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

 
2008-10-03
 
CVE-2008-4405

CWE-264
 

 
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

 

 >>> Vendor: Citrix 77 Products
Metaframe
Winframe
Nfuse
Ica client
Access essentials
Metaframe presentation server
Presentation server
Metaframe client
Program neighborhood agent
Metaframe password manager
Ica program neighborhood client
Metaframe secure access manager
Program neighborhood client
Access gateway
Presentation server client
Endpoint analysis client
Netscaler
Edgesight for endpoints
Edgesight for netscaler
Edgesight for presentation server
Web interface
Desktop server
Citrix presentation server
Xenserver
XP
XEN
Xenapp
Deterministic network enhancer
Broadcast server
Netscaler access gateway firmware
Secure gateway
Licensing
Xencenterweb
Online plug-in for mac
Online plug-in for windows
Receiver for iphone
Ica client for linux
Ica client for solaris
Online plug-in for mac for xenapp & xendesktop
Online plug-in for windows for xenapp & xendesktop
Receiver for windows mobile
Licensing administration console
Provisioning services
Cloudstack
Xendesktop
Netscaler access gateway
Xenclient xt
Cloudportal services manager
Netscaler application delivery controller
Netscaler application delivery controller firmware
Gotomeeting
Xenmobile device manager
Xenmobile device manager mdm
Sharefile mobile
Sharefile mobile for tablets
Vdi-in-a-box
Cloudplatform
Access gateway plug-in
Xenmobile
Netscaler gateway firmware
Command center
Netscaler service delivery appliance service vm
Xenmobile server
Netscaler gateway 11.0 firmware
Ios receiver
Worx home
Xenmobile mdx toolkit
Linux virtual delivery agent
License server
License server vpx
Receiver desktop
Netscaler sd-wan
Netscaler gateway
Application delivery controller firmware
Sd-wan
Sharefile
Receiver


Copyright 2019, cxsecurity.com

 

Back to Top