Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-10-08 CVE-2019-17351 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.
local
low complexity
xen linux CWE-770
4.9

2019-10-08 CVE-2019-17350 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.
local
low complexity
xen debian CWE-835
5.5

2018-12-08 CVE-2018-19967 Improper Input Validation vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix.
local
low complexity
xen debian CWE-20
4.9

2018-12-08 CVE-2018-19965 An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code.
local
high complexity
xen citrix debian
5.6

2018-12-08 CVE-2018-19964 Unspecified vulnerability in XEN 4.11.0/4.11.1
An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.
local
low complexity
xen
4.9

2018-12-08 CVE-2018-19963 Reachable Assertion vulnerability in XEN 4.11.0
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.
local
xen CWE-617
6.9

2018-08-17 CVE-2018-15470 Resource Exhaustion vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-400
4.9

2018-08-17 CVE-2018-15469 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen debian CWE-400
4.9

2018-08-17 CVE-2018-15468 Incorrect Authorization vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-863
4.9

2018-07-02 CVE-2018-12892 Information Exposure vulnerability in multiple products
An issue was discovered in Xen 4.7 through 4.10.x.
network
low complexity
debian xen CWE-200
6.5