Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-27 | CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. | 5.5 |
| 2021-08-27 | CVE-2021-28700 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. | 4.9 |
| 2021-06-30 | CVE-2021-28692 | Improper Privilege Management vulnerability in XEN inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. | 5.6 |
| 2021-06-29 | CVE-2021-28690 | Unspecified vulnerability in XEN x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort speculative security vulnerability. | 4.0 |
| 2021-06-11 | CVE-2021-28687 | Missing Initialization of Resource vulnerability in XEN HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. | 4.9 |
| 2021-06-11 | CVE-2021-28689 | Improper Cross-boundary Removal of Sensitive Data vulnerability in XEN x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. | 5.5 |
| 2021-06-09 | CVE-2021-26314 | Information Exposure Through Discrepancy vulnerability in multiple products Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | 5.5 |
| 2021-03-05 | CVE-2021-28039 | Incorrect Calculation of Buffer Size vulnerability in multiple products An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. | 6.5 |
| 2021-02-18 | CVE-2021-27379 | An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. | 5.9 |
| 2021-02-17 | CVE-2021-26933 | An issue was discovered in Xen 4.9 through 4.14.x. | 5.5 |