Vulnerabilities > XEN > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-25599 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
high complexity
xen fedoraproject opensuse debian CWE-362
7.0
2020-09-23 CVE-2020-25595 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-269
7.8
2020-07-20 CVE-2020-15852 Incorrect Default Permissions vulnerability in multiple products
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests.
local
low complexity
linux xen netapp CWE-276
7.8
2020-07-07 CVE-2020-15567 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE.
local
high complexity
xen debian opensuse fedoraproject CWE-362
7.8
2020-07-07 CVE-2020-15565 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d.
local
low complexity
xen debian fedoraproject opensuse CWE-400
8.8
2020-04-14 CVE-2020-11741 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges.
local
low complexity
xen fedoraproject debian opensuse CWE-909
8.8
2020-04-14 CVE-2020-11739 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths.
local
high complexity
xen fedoraproject debian opensuse CWE-362
7.8
2019-12-11 CVE-2019-19583 An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case.
network
low complexity
xen fedoraproject opensuse debian
7.5
2019-12-11 CVE-2019-19578 Incorrect Calculation vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595.
local
low complexity
xen fedoraproject CWE-682
8.8
2019-12-11 CVE-2019-19577 Improper Synchronization vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates.
low complexity
xen fedoraproject CWE-662
7.2