Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2017-15596 | Resource Exhaustion vulnerability in XEN An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. | 6.0 |
| 2017-10-18 | CVE-2017-15593 | Missing Release of Resource after Effective Lifetime vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | 6.5 |
| 2017-10-18 | CVE-2017-15591 | Improper Input Validation vulnerability in XEN An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | 6.5 |
| 2017-10-18 | CVE-2017-15589 | Information Exposure vulnerability in XEN 4.9.0 An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory. | 6.5 |
| 2017-09-13 | CVE-2017-14431 | Missing Release of Resource after Effective Lifetime vulnerability in XEN Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. | 5.5 |
| 2017-09-12 | CVE-2017-14318 | NULL Pointer Dereference vulnerability in XEN An issue was discovered in Xen 4.5.x through 4.9.x. | 6.5 |
| 2017-09-12 | CVE-2017-14317 | Race Condition vulnerability in XEN A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. | 5.6 |
| 2017-08-15 | CVE-2017-12855 | Information Exposure vulnerability in XEN Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. | 6.5 |
| 2017-07-05 | CVE-2017-10923 | Improper Input Validation vulnerability in XEN Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. | 6.5 |
| 2017-07-05 | CVE-2017-10919 | Unspecified vulnerability in XEN Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. | 6.5 |