Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2017-14317 Race Condition vulnerability in XEN
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x.
local
xen CWE-362
4.7
2017-08-24 CVE-2017-12136 Race Condition vulnerability in multiple products
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
6.9
2017-08-24 CVE-2017-12135 Incorrect Calculation vulnerability in multiple products
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
local
low complexity
xen citrix debian CWE-682
4.6
2017-07-05 CVE-2017-10923 Improper Input Validation vulnerability in XEN
Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.
network
low complexity
xen CWE-20
5.0
2017-07-05 CVE-2017-10922 Resource Exhaustion vulnerability in XEN
The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
network
low complexity
xen CWE-400
5.0
2017-07-05 CVE-2017-10919 Denial of Service vulnerability in Xen 'xen/arch/arm/gic.c'
Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
network
low complexity
xen
5.0
2017-07-05 CVE-2017-10916 Information Exposure vulnerability in XEN
The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
network
low complexity
xen CWE-200
5.0
2017-07-05 CVE-2017-10915 Race Condition vulnerability in XEN
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
network
xen CWE-362
6.8
2017-07-05 CVE-2017-10914 Race Condition vulnerability in XEN
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
network
xen CWE-362
6.8
2017-05-11 CVE-2017-8905 Incorrect Calculation vulnerability in XEN
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
local
low complexity
xen CWE-682
6.8