Vulnerabilities > XEN > XEN > 4.10.4

DATE CVE VULNERABILITY TITLE RISK
2020-07-07 CVE-2020-15564 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing Arm guest OS users to cause a hypervisor crash because of a missing alignment check in VCPUOP_register_vcpu_info.
local
low complexity
xen debian fedoraproject CWE-119
6.5
6.5
2020-04-14 CVE-2020-11743 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant.
local
low complexity
xen fedoraproject CWE-755
5.5
5.5
2020-04-14 CVE-2020-11742 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy.
local
low complexity
xen fedoraproject
5.5
5.5
2020-04-14 CVE-2020-11741 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges.
local
low complexity
xen fedoraproject debian opensuse CWE-909
8.8
8.8
2020-04-14 CVE-2020-11740 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests.
local
low complexity
xen debian fedoraproject opensuse CWE-212
5.5
5.5
2020-04-14 CVE-2020-11739 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths.
local
high complexity
xen fedoraproject debian opensuse CWE-362
7.8
7.8
2019-12-11 CVE-2019-19583 An issue was discovered in Xen through 4.12.x allowing x86 HVM/PVH guest OS users to cause a denial of service (guest OS crash) because VMX VMEntry checks mishandle a certain case.
network
low complexity
xen fedoraproject opensuse debian
7.5
7.5
2019-12-11 CVE-2019-19582 Infinite Loop vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 guest OS users to cause a denial of service (infinite loop) because certain bit iteration is mishandled.
local
low complexity
xen fedoraproject CWE-835
6.5
6.5
2019-12-11 CVE-2019-19581 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing 32-bit Arm guest OS users to cause a denial of service (out-of-bounds access) because certain bit iteration is mishandled.
local
low complexity
xen fedoraproject CWE-119
6.5
6.5
2019-12-11 CVE-2019-19577 Improper Synchronization vulnerability in multiple products
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height updates.
low complexity
xen fedoraproject CWE-662
7.2
7.2