Software Detail
Xen: Number of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default, it is started automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. A guest OS managed in this way is called "domain U" (domU) in Xen jargon, where domain U means user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List of Products

| No | Name | Latest Version | Release date | Initial release | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|
| 101 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | 0 | 1 | 0 | 0 |
| 102 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | 0 | 1 | 0 | 0 |
| 103 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | 0 | 4 | 3 | 1 |
| 104 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | 0 | 3 | 5 | 2 |
| 105 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | 0 | 11 | 9 | 2 |
| 106 | Xen 4.9 | 4.9.4 | | | 3 | 55 | 66 | 3 |
| 107 | Xen 4.8 | 4.8.5 | | | 10 | 58 | 68 | 3 |
| 108 | Xen 4.7 | 4.7.6 | | | 12 | 57 | 73 | 4 |
| 109 | Xen 4.6 | 4.6.6 | | | 11 | 62 | 82 | 8 |
| 110 | Xen 4.5 | 4.5.5 | | | 11 | 67 | 87 | 16 |
| 111 | Xen 4.4 | 4.4.4 | | | 11 | 67 | 98 | 25 |
| 112 | Xen 4.3 | 4.3.4 | | | 11 | 68 | 99 | 23 |
| 113 | Xen 4.2 | 4.2.5 | | | 11 | 70 | 126 | 34 |
| 114 | Xen 4.14 | 4.14.3 | | | 0 | 21 | 30 | 3 |
| 115 | Xen 4.13 | 4.13.4 | | | 0 | 26 | 37 | 3 |
| 116 | Xen 4.12 | 4.12.4 | | | 1 | 30 | 46 | 3 |
| 117 | Xen 4.11 | 4.11.4 | | | 1 | 45 | 53 | 3 |
| 118 | Xen 4.10 | 4.10.4 | | | 2 | 43 | 57 | 3 |
| 119 | Xen 4.1 | 4.1.6.1 | | | 11 | 74 | 122 | 32 |
| 120 | Xen 4.0 | 4.0.4 | | | 11 | 64 | 104 | 28 |
| 121 | Xen 3.4 | 3.4.4 | | | 11 | 58 | 84 | 21 |
| 122 | Xen 3.3 | 3.3.2 | | | 11 | 53 | 82 | 18 |
| 123 | Xen 3.2 | 3.2.3 | | | 11 | 52 | 76 | 15 |
| 124 | Xen 3.1 | 3.1.4 | | | 11 | 44 | 71 | 10 |
| 125 | Xen 3.0 | 3.0.4 | | | 11 | 44 | 70 | 9 |

NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Versions (or higher / or less / more than / less than) | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 101 | 2.3 | 2.1 | LOW | Local | An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission checks when reporting a xenstore watch event. A guest administrator can watch the root xenstored nod… | CWE-862 Missing Authorization | CVE-2020-29480 | cpe:2.3:o:xen:xen:*:* | 4.14.0 | 2024-11-21 14:24 | 2020-12-16 |
| 102 | 8.8 | 7.2 | HIGH | Local | An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unf… | CWE-862 Missing Authorization | CVE-2020-29479 | cpe:2.3:o:xen:xen:*:* | 4.14.0 | 2024-11-21 14:24 | 2020-12-16 |
| 103 | 6.2 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing … | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-29570 | cpe:2.3:o:xen:xen:*:* | 4.4.0 4.14.0 | 2024-11-21 14:24 | 2020-12-16 |
| 104 | 6.5 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is a… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-29568 | cpe:2.3:o:xen:xen:*:* | 4.14.1 | 2024-11-21 14:24 | 2020-12-16 |
| 105 | 6.2 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer… | CWE-476 NULL Pointer Dereference | CVE-2020-29571 | cpe:2.3:o:xen:xen:*:* | 4.4.0 4.14.0 | 2024-11-21 14:24 | 2020-12-16 |
| 106 | 8.8 | 7.2 | HIGH | Local | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when st… | CWE-416 Use After Free | CVE-2020-29569 | cpe:2.3:o:xen:xen:*:* | 4.14.1 | 2024-11-21 14:24 | 2020-12-16 |
| 107 | 6.2 | 4.9 | MEDIUM | Local | An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2020-29567 | cpe:2.3:o:xen:xen:*:* | 4.14.0 | 2024-11-21 14:24 | 2020-12-16 |
| 108 | 5.5 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x86 HVM guests must be temporarily de-scheduled. The device model will signal Xen when it has comple… | CWE-674 Uncontrolled Recursion | CVE-2020-29566 | cpe:2.3:o:xen:xen:*:* | 4.14.0 | 2024-11-21 14:24 | 2020-12-16 |
| 109 | 8.8 | 4.6 | HIGH | Local | An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one … | CWE-787 Out-of-bounds Write; CWE-193 Off-by-one Error | CVE-2020-29040 | cpe:2.3:o:xen:xen:*:* | 4.14.0 | 2024-11-21 14:23 | 2020-11-25 |
| 110 | 4.4 | 2.1 | MEDIUM | Local | Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Pl… | CWE-862 Missing Authorization | CVE-2020-28368 | cpe:2.3:o:xen:xen:*:* | 4.14.0 | 2024-11-21 14:22 | 2020-11-11 |