U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*
  • CPE Name Search: true
There are 24 matching records.
Displaying matches 21 through 24.
Vuln ID Summary CVSS Severity

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

Published: June 13, 2016; 10:59:10 AM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

Published: May 11, 2016; 5:59:02 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW

The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

Published: May 11, 2016; 5:59:01 PM -0400
V3.1: 8.8 HIGH
V2.0: 7.2 HIGH

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.

Published: January 22, 2016; 10:59:06 AM -0500
V3.0: 6.3 MEDIUM
V2.0: 4.7 MEDIUM