Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-12 | CVE-2017-14317 | Race Condition vulnerability in XEN A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. | 4.7 |
| 2017-08-24 | CVE-2017-12136 | Race Condition vulnerability in multiple products Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | 6.9 |
| 2017-08-24 | CVE-2017-12135 | Incorrect Calculation vulnerability in multiple products Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | 4.6 |
| 2017-07-05 | CVE-2017-10923 | Improper Input Validation vulnerability in XEN Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225. | 5.0 |
| 2017-07-05 | CVE-2017-10922 | Resource Exhaustion vulnerability in XEN The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3. | 5.0 |
| 2017-07-05 | CVE-2017-10919 | Denial of Service vulnerability in Xen 'xen/arch/arm/gic.c' Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223. | 5.0 |
| 2017-07-05 | CVE-2017-10916 | Information Exposure vulnerability in XEN The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220. | 5.0 |
| 2017-07-05 | CVE-2017-10915 | Race Condition vulnerability in XEN The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219. | 6.8 |
| 2017-07-05 | CVE-2017-10914 | Race Condition vulnerability in XEN The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2. | 6.8 |
| 2017-05-11 | CVE-2017-8905 | Incorrect Calculation vulnerability in XEN Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215. | 6.8 |