Vulnerabilities > XEN > XEN > 4.12.3

DATE CVE VULNERABILITY TITLE RISK
2020-11-10 CVE-2020-28368 Missing Authorization vulnerability in multiple products
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local
low complexity
xen fedoraproject debian CWE-862
4.4
4.4
2020-10-22 CVE-2020-27673 An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.
local
low complexity
linux debian opensuse xen
5.5
5.5
2020-10-22 CVE-2020-27671 An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled.
local
high complexity
xen opensuse debian fedoraproject
7.8
7.8
2020-09-23 CVE-2020-25604 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
high complexity
xen fedoraproject debian opensuse CWE-362
4.7
4.7
2020-09-23 CVE-2020-25603 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject opensuse debian CWE-670
7.8
7.8
2020-09-23 CVE-2020-25602 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-755
6.0
6.0
2020-09-23 CVE-2020-25601 An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject opensuse
5.5
5.5
2020-09-23 CVE-2020-25599 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
high complexity
xen fedoraproject opensuse debian CWE-362
7.0
7.0
2020-09-23 CVE-2020-25598 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen 4.14.x.
local
low complexity
xen fedoraproject opensuse CWE-670
5.5
5.5
2020-09-23 CVE-2020-25597 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject CWE-755
6.5
6.5