High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-23	CVE-2020-25599	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local high complexity xen fedoraproject opensuse debian CWE-362	7.0
2020-09-23	CVE-2020-25595	Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject debian opensuse CWE-269	7.8
2020-07-20	CVE-2020-15852	Incorrect Default Permissions vulnerability in multiple products An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. local low complexity linux xen netapp CWE-276	7.8
2020-07-07	CVE-2020-15567	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. local high complexity xen debian opensuse fedoraproject CWE-362	7.8
2020-07-07	CVE-2020-15565	Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. local low complexity xen debian fedoraproject opensuse CWE-400	8.8
2020-04-14	CVE-2020-11741	Missing Initialization of Resource vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. local low complexity xen fedoraproject debian opensuse CWE-909	8.8
2020-04-14	CVE-2020-11739	Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. local high complexity xen fedoraproject debian opensuse CWE-362	7.8
2019-12-11	CVE-2019-19583	An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case. network low complexity xen fedoraproject opensuse debian	7.5
2019-12-11	CVE-2019-19578	Incorrect Calculation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. local low complexity xen fedoraproject CWE-682	8.8
2019-12-11	CVE-2019-19577	Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. low complexity xen fedoraproject CWE-662	7.2