High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-10-22	CVE-2020-27671	An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. local high complexity xen opensuse debian fedoraproject	7.8
2020-10-22	CVE-2020-27670	Insufficient Verification of Data Authenticity vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. local high complexity xen opensuse fedoraproject debian CWE-345	7.8
2020-09-23	CVE-2020-25603	Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject opensuse debian CWE-670	7.8
2020-09-23	CVE-2020-25599	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local high complexity xen fedoraproject opensuse debian CWE-362	7.0
2020-09-23	CVE-2020-25595	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject debian opensuse CWE-269	7.8
2020-07-20	CVE-2020-15852	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. local low complexity linux xen netapp CWE-276	7.8
2020-07-07	CVE-2020-15567	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. local high complexity xen debian opensuse fedoraproject CWE-362	7.8
2020-07-07	CVE-2020-15565	Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. local low complexity xen debian fedoraproject opensuse CWE-400	8.8
2020-04-14	CVE-2020-11741	Missing Initialization of Resource vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. local low complexity xen fedoraproject debian opensuse CWE-909	8.8
2020-04-14	CVE-2020-11739	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. local high complexity xen fedoraproject debian opensuse CWE-362	7.8