High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-08	CVE-2021-28701	Race Condition vulnerability in multiple products Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. local high complexity xen debian fedoraproject CWE-362	7.8
2021-08-27	CVE-2021-28697	Race Condition vulnerability in multiple products grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. local low complexity xen fedoraproject debian CWE-362	7.8
2020-12-15	CVE-2020-29487	Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi An issue was discovered in Xen XAPI before 2020-12-15. network low complexity xen CWE-770	7.8
2020-12-15	CVE-2020-29481	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-269	8.8
2020-12-15	CVE-2020-29479	Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen debian fedoraproject CWE-862	8.8
2020-12-15	CVE-2020-29569	Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. local low complexity xen linux netapp debian CWE-416	8.8
2020-10-22	CVE-2020-27672	Use After Free vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages. local high complexity xen fedoraproject opensuse debian CWE-416	7.0
2020-10-22	CVE-2020-27671	An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. local high complexity xen opensuse debian fedoraproject	7.8
2020-10-22	CVE-2020-27670	Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. local high complexity xen opensuse fedoraproject debian CWE-345	7.8
2020-09-23	CVE-2020-25603	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject opensuse debian CWE-670	7.8