Vulnerabilities (CVE)

Vendor filter: Xen

284 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2015-8553 | Vendors (2): Xen, Redhat | Products (2): Enterprise Linux, Xen | Updated: 2019-08-13 | CVSS: 2.1
Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.
CVE-2017-12135 | Vendors (3): Citrix, Xen, Debian | Products (3): Xenserver, Xen, Debian Linux | Updated: 2019-05-10 | CVSS: 4.6
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
CVE-2017-12137 | Vendors (3): Citrix, Xen, Debian | Products (3): Xenserver, Xen, Debian Linux | Updated: 2019-05-06 | CVSS: 7.2
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
CVE-2017-12136 | Vendors (3): Xen, Citrix, Debian | Products (3): Xen, Xenserver, Debian Linux | Updated: 2019-05-06 | CVSS: 6.9
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
CVE-2015-3456 | Vendors (3): Qemu, Xen, Redhat | Products (5): Enterprise Virtualization, Openstack, Enterprise Linux and 2 more | Updated: 2019-04-22 | CVSS: 7.7
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2)...
CVE-2018-19967 | Vendors (2): Debian, Xen | Products (2): Debian Linux, Xen | Updated: 2019-04-17 | CVSS: 4.9
An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE...
CVE-2018-19965 | Vendors (3): Xen, Citrix, Debian | Products (3): Xen, Xenserver, Debian Linux | Updated: 2019-04-17 | CVSS: 4.7
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists...
CVE-2018-19962 | Vendors (3): Xen, Citrix, Debian | Products (3): Xen, Xenserver, Debian Linux | Updated: 2019-04-17 | CVSS: 6.9
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
CVE-2018-19961 | Vendors (3): Xen, Citrix, Debian | Products (3): Xen, Xenserver, Debian Linux | Updated: 2019-04-17 | CVSS: 6.9
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
CVE-2018-10982 | Vendors (2): Debian, Xen | Products (2): Debian Linux, Xen | Updated: 2019-03-21 | CVSS: 7.2
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET...
CVE-2018-15471 | Vendors (3): Linux, Xen, Canonical | Products (3): Linux Kernel, Xen, Ubuntu Linux | Updated: 2019-03-21 | CVSS: 6.8
An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to...
CVE-2018-14678 | Vendors (3): Linux, Xen, Debian | Products (3): Linux Kernel, Xen, Debian Linux | Updated: 2019-03-14 | CVSS: 7.2
An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which allows local users to cause a denial of service...
CVE-2018-15469 | Vendors (2): Xen, Debian | Products (2): Xen, Debian Linux | Updated: 2019-03-08 | CVSS: 4.9
An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting...
CVE-2012-0217 | Vendors (8): Joyent, Freebsd, Citrix and 5 more | Products (11): Windows Server 2008, Xenserver, Windows 7 and 8 more | Updated: 2019-03-08 | CVSS: 7.2
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before...
CVE-2016-3159 | Vendors (4): Xen, Fedoraproject, Oracle and 1 more | Products (4): Vm Server, Xen, Fedora and 1 more | Updated: 2019-02-21 | CVSS: 1.7
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another...
CVE-2015-8104 | Vendors (5): Xen, Linux, Oracle and 2 more | Products (6): Solaris, Vm Virtualbox, Xen and 3 more | Updated: 2019-02-13 | CVSS: 4.7
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CVE-2015-5307 | Vendors (5): Xen, Linux, Oracle and 2 more | Products (5): Vm Virtualbox, Xen, Linux Kernel and 2 more | Updated: 2019-02-12 | CVSS: 4.9
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2018-18883 | Vendors (1): Xen | Products (1): Xen | Updated: 2019-01-24 | CVSS: 7.2
An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not...
CVE-2018-8897 | Vendors (7): Citrix, Synology, Apple and 4 more | Products (10): Xenserver, Skynas, Mac Os X and 7 more | Updated: 2019-01-03 | CVSS: 7.2
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions...
CVE-2018-19963 | Vendors (1): Xen | Products (1): Xen | Updated: 2018-12-28 | CVSS: 6.9
An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.