Vulnerabilities > XEN > XEN > 4.1.6

DATE CVE VULNERABILITY TITLE RISK
2018-08-17 CVE-2018-15468 Incorrect Authorization vulnerability in XEN
An issue was discovered in Xen through 4.11.x.
local
low complexity
xen CWE-863
4.9
4.9
2018-07-28 CVE-2018-14678 Improper Initialization vulnerability in multiple products
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x.
local
low complexity
linux xen debian canonical CWE-665
7.8
7.8
2018-07-27 CVE-2017-2620 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.9
9.9
2018-07-03 CVE-2017-2615 Out-of-bounds Write vulnerability in multiple products
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue.
network
low complexity
qemu redhat citrix debian xen CWE-787
critical
 9.1
9.1
2018-07-02 CVE-2018-12891 An issue was discovered in Xen through 4.10.x.
local
low complexity
debian xen
4.9
4.9
2018-05-10 CVE-2018-10981 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid transitions between states of a request.
local
low complexity
debian xen CWE-835
4.9
4.9
2018-04-27 CVE-2018-10471 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.
local
low complexity
xen debian CWE-787
4.9
4.9
2018-02-27 CVE-2018-7541 An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
local
low complexity
xen debian
6.1
6.1
2018-02-27 CVE-2018-7540 Resource Exhaustion vulnerability in multiple products
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
local
low complexity
xen debian CWE-400
4.9
4.9
2017-12-12 CVE-2017-17566 Unspecified vulnerability in XEN
An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.
local
xen
6.9
6.9