Vulnerabilities > XEN > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-29566 | Uncontrolled Recursion vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-11-24 | CVE-2020-29040 | Off-by-one Error vulnerability in XEN An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. | 4.6 |
| 2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | 4.4 |
| 2020-10-22 | CVE-2020-27674 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique. | 5.3 |
| 2020-10-22 | CVE-2020-27673 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 5.5 |
| 2020-09-23 | CVE-2020-25604 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 4.7 |
| 2020-09-23 | CVE-2020-25602 | Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.0 |
| 2020-09-23 | CVE-2020-25601 | An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-09-23 | CVE-2020-25600 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 5.5 |
| 2020-09-23 | CVE-2020-25598 | Always-Incorrect Control Flow Implementation vulnerability in multiple products An issue was discovered in Xen 4.14.x. | 5.5 |