Vulnerabilities > XEN > XEN > 4.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-12-15 | CVE-2020-29482 | Untrusted Search Path vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 6.0 |
2020-12-15 | CVE-2020-29481 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 8.8 |
2020-12-15 | CVE-2020-29480 | Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 2.3 |
2020-12-15 | CVE-2020-29479 | Missing Authorization vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 8.8 |
2020-12-15 | CVE-2020-29569 | Use After Free vulnerability in multiple products An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. | 8.8 |
2020-12-15 | CVE-2020-29568 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An issue was discovered in Xen through 4.14.x. | 4.9 |
2020-11-24 | CVE-2020-29040 | Off-by-one Error vulnerability in XEN An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. | 4.6 |
2020-11-10 | CVE-2020-28368 | Missing Authorization vulnerability in multiple products Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. | 4.4 |
2020-10-22 | CVE-2020-27673 | An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. | 5.5 |
2020-10-22 | CVE-2020-27671 | An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because coalescing of per-page IOMMU TLB flushes is mishandled. | 7.8 |