Vulnerabilities > XEN > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-08 | CVE-2021-28701 | Race Condition vulnerability in multiple products Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. | 7.8 |
2021-08-27 | CVE-2021-28697 | Race Condition vulnerability in multiple products grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. | 7.8 |
2020-12-15 | CVE-2020-29487 | Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi An issue was discovered in Xen XAPI before 2020-12-15. | 7.8 |
2020-12-15 | CVE-2020-29481 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 8.8 |
2020-12-15 | CVE-2020-29479 | Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 8.8 |
2020-12-15 | CVE-2020-29569 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. | 8.8 |
2020-10-22 | CVE-2020-27672 | Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. | 7.0 |
2020-10-22 | CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 7.8 |
2020-10-22 | CVE-2020-27670 | Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | 7.8 |
2020-09-23 | CVE-2020-25603 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 7.8 |