Vulnerabilities > XEN > XEN > 4.3.4

DATE CVE VULNERABILITY TITLE RISK
2020-09-23 CVE-2020-25604 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
high complexity
xen fedoraproject debian opensuse CWE-362
4.7
4.7
2020-09-23 CVE-2020-25603 Always-Incorrect Control Flow Implementation vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject opensuse debian CWE-670
7.8
7.8
2020-09-23 CVE-2020-25601 An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject opensuse
5.5
5.5
2020-09-23 CVE-2020-25596 Injection vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-74
5.5
5.5
2020-09-23 CVE-2020-25595 Improper Privilege Management vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen fedoraproject debian opensuse CWE-269
7.8
7.8
2020-07-07 CVE-2020-15567 Race Condition vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE.
local
high complexity
xen debian opensuse fedoraproject CWE-362
7.8
7.8
2020-04-14 CVE-2020-11743 Improper Handling of Exceptional Conditions vulnerability in multiple products
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant.
local
low complexity
xen fedoraproject CWE-755
5.5
5.5
2020-04-14 CVE-2020-11742 An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy.
local
low complexity
xen fedoraproject
5.5
5.5
2020-04-14 CVE-2020-11741 Missing Initialization of Resource vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges.
local
low complexity
xen fedoraproject debian opensuse CWE-909
8.8
8.8
2020-04-14 CVE-2020-11740 Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests.
local
low complexity
xen debian fedoraproject opensuse CWE-212
5.5
5.5