Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-33746 | Improper Resource Shutdown or Release vulnerability in multiple products P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. | 6.5 |
| 2022-10-11 | CVE-2022-33748 | Improper Handling of Exceptional Conditions vulnerability in multiple products lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. | 5.6 |
| 2022-10-11 | CVE-2022-33749 | Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. | 5.3 |
| 2022-07-12 | CVE-2022-29900 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 |
| 2022-07-12 | CVE-2022-29901 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 6.5 |
| 2022-06-15 | CVE-2022-21166 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-15 | CVE-2022-21123 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-15 | CVE-2022-21125 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-15 | CVE-2022-21127 | Incomplete Cleanup vulnerability in multiple products Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2022-06-09 | CVE-2022-26362 | Race Condition vulnerability in multiple products x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. | 6.4 |