Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xen vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-7540
An issue exists in Xen up to and including 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.
Xen Xen
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2018-7541
An issue exists in Xen up to and including 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
Xen Xen
Debian Debian Linux 9.0
4.4
CVSSv3
CVE-2020-28368
Xen up to and including 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independe...
Xen Xen
Fedoraproject Fedora 32
Debian Debian Linux 10.0
4.6
CVSSv3
CVE-2022-23035
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quie...
Xen Xen
Fedoraproject Fedora 34
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2018-12891
An issue exists in Xen up to and including 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforc...
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Xen Xen
8.8
CVSSv3
CVE-2021-28704
PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily hav...
Xen Xen
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
8.8
CVSSv3
CVE-2020-29481
An issue exists in Xen up to and including 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access right...
Xen Xen
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6
CVSSv3
CVE-2020-29482
An issue exists in Xen up to and including 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' n...
Xen Xen
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5.5
CVSSv3
CVE-2020-29485
An issue exists in Xen 4.6 up to and including 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored impl...
Xen Xen
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6
CVSSv3
CVE-2020-29486
An issue exists in Xen up to and including 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom...
Xen Xen
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »