Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product

| No | Name | Latest Version | Release date | Initial release | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|
| 91 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | 0 | 1 | 0 | 0 |
| 92 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | 0 | 1 | 0 | 0 |
| 93 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | 0 | 4 | 3 | 1 |
| 94 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | 0 | 3 | 5 | 2 |
| 95 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | 0 | 11 | 9 | 2 |
| 96 | Xen 4.9 | 4.9.4 | | | 3 | 55 | 66 | 3 |
| 97 | Xen 4.8 | 4.8.5 | | | 10 | 58 | 68 | 3 |
| 98 | Xen 4.7 | 4.7.6 | | | 12 | 57 | 73 | 4 |
| 99 | Xen 4.6 | 4.6.6 | | | 11 | 62 | 82 | 8 |
| 100 | Xen 4.5 | 4.5.5 | | | 11 | 67 | 87 | 16 |
| 101 | Xen 4.4 | 4.4.4 | | | 11 | 67 | 98 | 25 |
| 102 | Xen 4.3 | 4.3.4 | | | 11 | 68 | 99 | 23 |
| 103 | Xen 4.2 | 4.2.5 | | | 11 | 70 | 126 | 34 |
| 104 | Xen 4.14 | 4.14.3 | | | 0 | 21 | 30 | 3 |
| 105 | Xen 4.13 | 4.13.4 | | | 0 | 26 | 37 | 3 |
| 106 | Xen 4.12 | 4.12.4 | | | 1 | 30 | 46 | 3 |
| 107 | Xen 4.11 | 4.11.4 | | | 1 | 45 | 53 | 3 |
| 108 | Xen 4.10 | 4.10.4 | | | 2 | 43 | 57 | 3 |
| 109 | Xen 4.1 | 4.1.6.1 | | | 11 | 74 | 122 | 32 |
| 110 | Xen 4.0 | 4.0.4 | | | 11 | 64 | 104 | 28 |
| 111 | Xen 3.4 | 3.4.4 | | | 11 | 58 | 84 | 21 |
| 112 | Xen 3.3 | 3.3.2 | | | 11 | 53 | 82 | 18 |
| 113 | Xen 3.2 | 3.2.3 | | | 11 | 52 | 76 | 15 |
| 114 | Xen 3.1 | 3.1.4 | | | 11 | 44 | 71 | 10 |
| 115 | Xen 3.0 | 3.0.4 | | | 11 | 44 | 70 | 9 |

NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date
91. CVE-2021-28687 (CVSS3 5.5, CVSS2 4.9, MEDIUM, Local)
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. …
CWE: CWE-909 Missing Initialization of Resource
cpe23Uri: cpe:2.3:o:xen:xen:4.15.0:rc1, cpe:2.3:o:xen:xen:*:*
Version bounds: 4.12 4.15.0
Update date: 2024-11-21 15:00
Published date: 2021-06-12
92. CVE-2021-27379 (CVSS3 7.8, CVSS2 5.9, HIGH, Local)
An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privil…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 3.2.0 4.12.0
Update date: 2024-11-21 14:57
Published date: 2021-02-19
93. CVE-2021-26933 (CVSS3 5.5, CVSS2 2.1, MEDIUM, Local)
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as …
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.9.0 4.14.1
Update date: 2024-11-21 14:57
Published date: 2021-02-17
94. CVE-2021-3308 (CVSS3 5.5, CVSS2 4.9, MEDIUM, Local)
An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting i…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:o:xen:xen:4.12.4:*, cpe:2.3:o:xen:xen:4.12.3:*, cpe:2.3:o:xen:xen:*:*
Version bounds: 4.13.1 4.14.1
Update date: 2024-11-21 15:21
Published date: 2021-01-27
95. CVE-2020-29485 (CVSS3 5.5, CVSS2 4.9, MEDIUM, Local)
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. Th…
CWE: CWE-401 Missing Release of Memory after Effective Lifetime
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.6.0 4.14.0
Update date: 2024-11-21 14:24
Published date: 2020-12-16
96. CVE-2020-29486 (CVSS3 6.0, CVSS2 4.9, MEDIUM, Local)
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, an owner could give a node away. However, node ownership has quota implications. Any guest can run an…
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.14.0
Update date: 2024-11-21 14:24
Published date: 2020-12-16
97. CVE-2020-29484 (CVSS3 6.0, CVSS2 4.9, MEDIUM, Local)
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore …
CWE: CWE-476 NULL Pointer Dereference
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.14.0
Update date: 2024-11-21 14:24
Published date: 2020-12-16
98. CVE-2020-29483 (CVSS3 6.5, CVSS2 4.9, MEDIUM, Local)
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connec…
CWE: CWE-416 Use After Free
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.14.0
Update date: 2024-11-21 14:24
Published date: 2020-12-16
99. CVE-2020-29482 (CVSS3 6.0, CVSS2 4.9, MEDIUM, Local)
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID …
CWE: CWE-426 Untrusted Search Path
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.14.0
Update date: 2024-11-21 14:24
Published date: 2020-12-16
100. CVE-2020-29481 (CVSS3 8.8, CVSS2 4.6, HIGH, Local)
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This mean…
CWE: CWE-269 Improper Privilege Management
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.14.0
Update date: 2024-11-21 14:24
Published date: 2020-12-16