Vulnerabilities > XEN > XEN > 3.4.3

DATE CVE VULNERABILITY TITLE RISK
2018-12-08 CVE-2018-19965 An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code.
local
high complexity
xen citrix debian
5.6
5.6
2018-12-08 CVE-2018-19962 Information Exposure vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
local
high complexity
xen debian citrix CWE-200
7.8
7.8
2018-12-08 CVE-2018-19961 Incomplete Cleanup vulnerability in multiple products
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
local
high complexity
xen debian citrix CWE-459
7.8
7.8
2018-08-17 CVE-2018-15471 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products.
local
low complexity
xen linux canonical CWE-125
7.8
7.8
2018-08-17 CVE-2018-15470 Resource Exhaustion vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-400
4.9
4.9
2018-08-17 CVE-2018-15469 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen debian CWE-400
4.9
4.9
2018-08-17 CVE-2018-15468 Incorrect Authorization vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-863
4.9
4.9
2018-07-28 CVE-2018-14678 Improper Initialization vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x.
local
low complexity
linux xen debian canonical CWE-665
7.8
7.8
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.9
9.9
2018-07-03 CVE-2017-2615 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.1
9.1