Vulnerabilities > XEN

DATE CVE VULNERABILITY TITLE RISK
2020-12-15 CVE-2020-29479 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
8.8
8.8
2020-12-15 CVE-2020-29571 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-476
6.2
6.2
2020-12-15 CVE-2020-29570 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-770
6.2
6.2
2020-12-15 CVE-2020-29569 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.
local
low complexity
xen linux netapp debian CWE-416
8.8
8.8
2020-12-15 CVE-2020-29568 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian CWE-770
6.5
6.5
2020-12-15 CVE-2020-29567 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen 4.14.x.
local
low complexity
xen fedoraproject CWE-770
6.2
6.2
2020-12-15 CVE-2020-29566 Uncontrolled Recursion vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-674
5.5
5.5
2020-11-24 CVE-2020-29040 Off-by-one Error vulnerability in XEN
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error.
local
low complexity
xen CWE-193
8.8
8.8
2020-11-10 CVE-2020-28368 Missing Authorization vulnerability in multiple products
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local
low complexity
xen fedoraproject debian CWE-862
4.4
4.4
2020-10-22 CVE-2020-27674 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.
local
low complexity
xen fedoraproject debian CWE-787
5.3
5.3