Vulnerabilities > XEN > XEN > 4.6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-28 | CVE-2017-17044 | Infinite Loop vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | 4.9 |
| 2017-10-18 | CVE-2017-15596 | Resource Exhaustion vulnerability in XEN An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error. | 4.9 |
| 2017-10-18 | CVE-2017-15595 | Resource Exhaustion vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking. | 7.2 |
| 2017-10-18 | CVE-2017-15594 | Unspecified vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging. | 4.6 |
| 2017-10-18 | CVE-2017-15593 | Missing Release of Resource after Effective Lifetime vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled. | 4.9 |
| 2017-10-18 | CVE-2017-15592 | Exposure of Resource to Wrong Sphere vulnerability in XEN An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests. | 7.2 |
| 2017-10-18 | CVE-2017-15591 | Improper Input Validation vulnerability in XEN An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of range start to range end) within the DMOP map/unmap implementation. | 4.9 |
| 2017-09-13 | CVE-2017-14431 | Missing Release of Resource after Effective Lifetime vulnerability in XEN Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207. | 4.9 |
| 2017-09-12 | CVE-2017-14319 | Unspecified vulnerability in XEN A grant unmapping issue was discovered in Xen through 4.9.x. | 7.2 |
| 2017-09-12 | CVE-2017-14318 | NULL Pointer Dereference vulnerability in XEN An issue was discovered in Xen 4.5.x through 4.9.x. | 4.9 |