Vulnerabilities > XEN > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-25600 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject opensuse debian CWE-787
5.5
2020-09-23 CVE-2020-25598 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen 4.14.x.
local
low complexity
xen fedoraproject opensuse CWE-670
5.5
2020-09-23 CVE-2020-25597 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject CWE-755
6.5
2020-09-23 CVE-2020-25596 Injection vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-74
5.5
2020-07-07 CVE-2020-15566 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation.
local
low complexity
xen debian CWE-754
6.5
2020-07-07 CVE-2020-15564 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info.
local
low complexity
xen debian fedoraproject CWE-119
6.5
2020-07-07 CVE-2020-15563 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash.
local
low complexity
xen debian fedoraproject opensuse CWE-119
6.5
2020-04-14 CVE-2020-11743 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant.
local
low complexity
xen fedoraproject CWE-755
5.5
2020-04-14 CVE-2020-11742 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy.
local
low complexity
xen fedoraproject
5.5
2020-04-14 CVE-2020-11740 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests.
local
low complexity
xen debian fedoraproject opensuse CWE-212
5.5