Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-07-02 CVE-2018-12891 An issue was discovered in Xen through 4.10.x.
local
low complexity
debian xen
4.9
2018-05-10 CVE-2018-10981 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
local
low complexity
debian xen CWE-835
4.9
2018-04-27 CVE-2018-10471 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
local
low complexity
xen debian CWE-787
4.9
2018-02-27 CVE-2018-7542 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC.
local
low complexity
xen debian CWE-476
4.9
2018-02-27 CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
local
low complexity
xen debian
6.1
2018-02-27 CVE-2018-7540 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
local
low complexity
xen debian CWE-400
4.9
2018-01-05 CVE-2018-5244 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests.
local
low complexity
xen CWE-119
4.9
2017-12-12 CVE-2017-17566 Unspecified vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
local
xen
6.9
2017-12-12 CVE-2017-17565 Improper Input Validation vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) if shadow mode and log-dirty mode are in place, because of an incorrect assertion related to M2P.
local
xen CWE-20
4.7
2017-12-12 CVE-2017-17564 7PK - Errors vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counting in shadow mode.
local
xen CWE-388
6.9