Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-08 CVE-2019-17343 Improper Locking vulnerability in multiple products
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
low complexity
xen debian CWE-667
6.8
2019-10-08 CVE-2019-17351 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
local
low complexity
xen linux CWE-770
6.5
2019-10-08 CVE-2019-17350 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
local
low complexity
xen debian CWE-835
5.5
2018-12-08 CVE-2018-19967 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.
local
low complexity
xen debian CWE-20
6.5
2018-12-08 CVE-2018-19965 An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code.
local
high complexity
xen citrix debian
5.6
2018-12-08 CVE-2018-19964 Unspecified vulnerability in XEN 4.11.0/4.11.1
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
local
low complexity
xen
6.5
2018-08-17 CVE-2018-15470 Resource Exhaustion vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-400
6.5
2018-08-17 CVE-2018-15469 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen debian CWE-400
6.5
2018-08-17 CVE-2018-15468 Incorrect Authorization vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-863
6.0
2018-07-02 CVE-2018-12893 An issue was discovered in Xen through 4.10.x.
local
low complexity
xen debian
6.5