XEN : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution) CVSS score >= 1
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
Max CVSS
7.8
EPSS Score
0.08%
Published
2017-10-18
Updated
2018-10-19
Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-05-11
Updated
2019-10-03
Xen through 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-05-11
Updated
2019-10-03
Xen through 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-05-11
Updated
2019-10-03
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-01-23
Updated
2017-07-01
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
Max CVSS
8.8
EPSS Score
0.08%
Published
2017-10-16
Updated
2023-02-13
6 vulnerabilities found