Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-23	CVE-2020-25597	Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject CWE-755	6.5
2020-09-23	CVE-2020-25596	Injection vulnerability in multiple products An issue was discovered in Xen through 4.14.x. local low complexity xen fedoraproject debian opensuse CWE-74	5.5
2020-07-07	CVE-2020-15566	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a host OS crash because of incorrect error handling in event-channel port allocation. local low complexity xen debian CWE-754	6.5
2020-07-07	CVE-2020-15564	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info. local low complexity xen debian fedoraproject CWE-119	6.5
2020-07-07	CVE-2020-15563	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest OS users to cause a hypervisor crash. local low complexity xen debian fedoraproject opensuse CWE-119	6.5
2020-04-14	CVE-2020-11743	Improper Handling of Exceptional Conditions vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. local low complexity xen fedoraproject CWE-755	5.5
2020-04-14	CVE-2020-11742	An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. local low complexity xen fedoraproject	5.5
2020-04-14	CVE-2020-11740	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. local low complexity xen debian fedoraproject opensuse CWE-212	5.5
2019-12-11	CVE-2019-19582	Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled. local low complexity xen fedoraproject CWE-835	6.5
2019-12-11	CVE-2019-19581	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled. local low complexity xen fedoraproject CWE-119	6.5