Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-12 | CVE-2017-17563 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging an incorrect mask for reference-count overflow checking in shadow mode. | 6.9 |
| 2017-11-28 | CVE-2017-17044 | Infinite Loop vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | 4.9 |
| 2017-10-18 | CVE-2017-15596 | Resource Exhaustion vulnerability in XEN An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. | 4.9 |
| 2017-10-18 | CVE-2017-15594 | Unspecified vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging. | 4.6 |
| 2017-10-18 | CVE-2017-15593 | Missing Release of Resource after Effective Lifetime vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | 4.9 |
| 2017-10-18 | CVE-2017-15591 | Improper Input Validation vulnerability in XEN An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | 4.9 |
| 2017-10-18 | CVE-2017-15590 | Unspecified vulnerability in XEN 4.9.0 An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled. | 4.6 |
| 2017-10-18 | CVE-2017-15588 | Race Condition vulnerability in XEN 4.9.0 An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry. | 6.9 |
| 2017-09-13 | CVE-2017-14431 | Missing Release of Resource after Effective Lifetime vulnerability in XEN Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. | 4.9 |
| 2017-09-12 | CVE-2017-14318 | NULL Pointer Dereference vulnerability in XEN An issue was discovered in Xen 4.5.x through 4.9.x. | 4.9 |