Vulnerabilities > XEN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-01 | CVE-2015-2752 | Improper Input Validation vulnerability in multiple products The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the device model (qemu-dm). | 4.9 |
| 2015-04-01 | CVE-2015-2751 | Code vulnerability in multiple products Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | 7.1 |
| 2015-03-18 | CVE-2015-2152 | Permissions, Privileges, and Access Controls vulnerability in multiple products Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | 1.9 |
| 2015-03-12 | CVE-2015-2151 | Permissions, Privileges, and Access Controls vulnerability in multiple products The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors. | 7.2 |
| 2015-03-12 | CVE-2015-2045 | Information Exposure vulnerability in multiple products The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | 2.1 |
| 2015-03-12 | CVE-2015-2044 | Information Exposure vulnerability in XEN The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. | 2.1 |
| 2015-02-16 | CVE-2015-0268 | Improper Input Validation vulnerability in XEN 4.5.0 The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register. | 4.9 |
| 2015-02-09 | CVE-2015-1563 | Resource Management Errors vulnerability in multiple products The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | 2.1 |
| 2015-01-12 | CVE-2014-6268 | Resource Management Errors vulnerability in XEN 4.4.0/4.4.1 The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU. | 4.9 |
| 2015-01-07 | CVE-2015-0361 | Use After Free Denial of Service vulnerability in Xen Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. | 7.8 |