Vulnerabilities > XEN > XEN > 3.4.3

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-34323 NULL Pointer Dereference vulnerability in XEN
When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes.
local
low complexity
xen CWE-476
5.5
2021-11-24 CVE-2021-28706 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrator established limit.
network
low complexity
xen fedoraproject debian CWE-770
8.6
2021-08-27 CVE-2021-28698 Infinite Loop vulnerability in multiple products
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains.
local
low complexity
xen fedoraproject debian CWE-835
5.5
2021-06-30 CVE-2021-28692 Improper Privilege Management vulnerability in XEN
inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands.
local
low complexity
xen CWE-269
5.6
2020-12-15 CVE-2020-29486 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-770
6.0
2020-12-15 CVE-2020-29484 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-476
6.0
2020-12-15 CVE-2020-29483 Use After Free vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-416
6.5
2020-12-15 CVE-2020-29482 Untrusted Search Path vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-426
6.0
2020-12-15 CVE-2020-29481 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-269
8.8
2020-12-15 CVE-2020-29480 Missing Authorization vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-862
2.3