Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2019-17343 | Improper Locking vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | 6.8 |
| 2019-10-08 | CVE-2019-17351 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. | 6.5 |
| 2019-10-08 | CVE-2019-17350 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | 5.5 |
| 2018-12-08 | CVE-2018-19967 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix. | 6.5 |
| 2018-12-08 | CVE-2018-19965 | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. | 5.6 |
| 2018-12-08 | CVE-2018-19964 | Unspecified vulnerability in XEN 4.11.0/4.11.1 An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions. | 6.5 |
| 2018-08-17 | CVE-2018-15470 | Resource Exhaustion vulnerability in XEN An issue was discovered in Xen through 4.11.x. | 6.5 |
| 2018-08-17 | CVE-2018-15469 | Resource Exhaustion vulnerability in multiple products An issue was discovered in Xen through 4.11.x. | 6.5 |
| 2018-08-17 | CVE-2018-15468 | Incorrect Authorization vulnerability in XEN An issue was discovered in Xen through 4.11.x. | 6.0 |
| 2018-07-02 | CVE-2018-12893 | An issue was discovered in Xen through 4.10.x. | 6.5 |