Vulnerabilities > XEN > XEN > 4.12.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-31 | CVE-2019-18420 | Use of Externally-Controlled Format String vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. | 6.5 |
| 2019-10-08 | CVE-2019-17349 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation. | 5.5 |
| 2019-10-08 | CVE-2019-17351 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7. | 4.9 |
| 2019-10-08 | CVE-2019-17350 | Infinite Loop vulnerability in multiple products An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation. | 5.5 |
| 2018-01-05 | CVE-2018-5244 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in XEN In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. | 4.9 |