Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-08 CVE-2021-28701 Race Condition vulnerability in multiple products
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
local
high complexity
xen debian fedoraproject CWE-362
7.8
2021-08-27 CVE-2021-28697 Race Condition vulnerability in multiple products
grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory.
local
low complexity
xen fedoraproject debian CWE-362
7.8
2020-12-15 CVE-2020-29487 Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi
An issue was discovered in Xen XAPI before 2020-12-15.
network
low complexity
xen CWE-770
7.8
2020-12-15 CVE-2020-29481 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-269
8.8
2020-12-15 CVE-2020-29479 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
8.8
2020-12-15 CVE-2020-29569 Use After Free vulnerability in multiple products
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.
local
low complexity
xen linux netapp debian CWE-416
8.8
2020-10-22 CVE-2020-27672 Use After Free vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.
local
high complexity
xen fedoraproject opensuse debian CWE-416
7.0
2020-10-22 CVE-2020-27671 An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
local
high complexity
xen opensuse debian fedoraproject
7.8
2020-10-22 CVE-2020-27670 Insufficient Verification of Data Authenticity vulnerability in multiple products
An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
local
high complexity
xen opensuse fedoraproject debian CWE-345
7.8
2020-09-23 CVE-2020-25603 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject opensuse debian CWE-670
7.8