Vulnerabilities > XEN > XEN > 3.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-14 | CVE-2020-11741 | Missing Initialization of Resource vulnerability in multiple products An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. | 8.8 |
| 2020-04-14 | CVE-2020-11739 | Race Condition vulnerability in multiple products An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. | 7.8 |
| 2019-12-11 | CVE-2019-19577 | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates. | 7.2 |
| 2019-12-04 | CVE-2019-19579 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not used), because of an incomplete fix for CVE-2019-18424. | 6.8 |
| 2019-10-31 | CVE-2019-18424 | OS Command Injection vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. | 6.8 |
| 2019-10-08 | CVE-2019-17349 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | 5.5 |
| 2019-10-08 | CVE-2019-17348 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching. | 6.5 |
| 2019-10-08 | CVE-2019-17346 | Improper Input Validation vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. | 8.8 |
| 2019-10-08 | CVE-2019-17344 | Improper Synchronization vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | 4.9 |
| 2019-10-08 | CVE-2019-17343 | Improper Locking vulnerability in multiple products An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | 4.6 |