VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
XEN
>
XEN
> 4.15.1
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-11-24
CVE-2021-28704
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen
fedoraproject
debian
8.8
8.8
2021-11-24
CVE-2021-28707
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen
debian
fedoraproject
8.8
8.8
2021-11-24
CVE-2021-28708
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned.
local
low complexity
xen
debian
fedoraproject
8.8
8.8
2021-10-06
CVE-2021-28702
Improper Privilege Management vulnerability in multiple products
PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR").
low complexity
xen
fedoraproject
debian
CWE-269
7.6
7.6
2021-09-08
CVE-2021-28701
Race Condition vulnerability in multiple products
Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory.
local
high complexity
xen
debian
fedoraproject
CWE-362
7.8
7.8
2021-08-27
CVE-2021-28698
Infinite Loop vulnerability in multiple products
long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains.
local
low complexity
xen
fedoraproject
debian
CWE-835
5.5
5.5
2021-08-27
CVE-2021-28699
inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status.
local
low complexity
xen
fedoraproject
debian
5.5
5.5
2021-06-11
CVE-2021-28689
Improper Cross-boundary Removal of Sensitive Data vulnerability in XEN
x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1.
local
low complexity
xen
CWE-212
5.5
5.5
«
Previous
1
2
3
(current)
»