Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
11	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
12	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
13	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
14	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
15	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
16	Xen 4.9	4.9.4			3	55	66	3
17	Xen 4.8	4.8.5			10	58	68	3
18	Xen 4.7	4.7.6			12	57	73	4
19	Xen 4.6	4.6.6			11	62	82	8
20	Xen 4.5	4.5.5			11	67	87	16
21	Xen 4.4	4.4.4			11	67	98	25
22	Xen 4.3	4.3.4			11	68	99	23
23	Xen 4.2	4.2.5			11	70	126	34
24	Xen 4.14	4.14.3			0	21	30	3
25	Xen 4.13	4.13.4			0	26	37	3
26	Xen 4.12	4.12.4			1	30	46	3
27	Xen 4.11	4.11.4			1	45	53	3
28	Xen 4.10	4.10.4			2	43	57	3
29	Xen 4.1	4.1.6.1			11	74	122	32
30	Xen 4.0	4.0.4			11	64	104	28
31	Xen 3.4	3.4.4			11	58	84	21
32	Xen 3.3	3.3.2			11	53	82	18
33	Xen 3.2	3.2.3			11	52	76	15
34	Xen 3.1	3.1.4			11	44	71	10
35	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	less than	Update date Published date	Show Affected	Exploit PoC Search
11	7.8 -	HIGH Local	For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV…	CWE-273 Improper Check for Dropped Privileges	CVE-2023-34322	cpe:2.3:o:xen:xen::	3.2.0		4.15.0	2024-11-21 17:07 2024-01-6	Show	GitHub Exploit DB Packet Storm

12	6.7 -	MEDIUM Local	An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file…	CWE-787 Out-of-bounds Write	CVE-2023-4949	cpe:2.3:o:xen:xen:-:*				2024-11-21 17:36 2023-11-11	Show	GitHub Exploit DB Packet Storm

13	7.8 -	HIGH Local	The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic intro…	CWE-787 Out-of-bounds Write	CVE-2023-34319	cpe:2.3:o:xen:xen::	3.2.0			2024-11-21 17:07 2023-09-22	Show	GitHub Exploit DB Packet Storm

14	6.5 -	MEDIUM Local	Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable in…	CWE-203 Information Exposure Through Discrepancy	CVE-2022-40982	cpe:2.3:o:xen:xen:-:*				2024-11-21 16:22 2023-08-11	Show	GitHub Exploit DB Packet Storm

15	5.5 -	MEDIUM Local	A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.	CWE-369 Divide By Zero	CVE-2023-20588	cpe:2.3:o:xen:xen:-:*				2024-11-21 16:41 2023-08-9	Show	GitHub Exploit DB Packet Storm

16	5.5 -	MEDIUM Local	An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.	NVD-CWE-Other	CVE-2023-20593	cpe:2.3:o:xen:xen:4.17.0:* cpe:2.3:o:xen:xen:4.16.0:* cpe:2.3:o:xen:xen:4.15.0:* cpe:2.3:o:xen:xen:4.14.0:*				2024-11-21 16:41 2023-07-25	Show	GitHub Exploit DB Packet Storm

17	8.8 -	HIGH Network	The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it poss…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2022-4949	cpe:2.3:o:xen:xen:-:*				2026-04-9 04:17 2023-06-7	Show	GitHub Exploit DB Packet Storm

18	3.3 -	LOW Local	Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, a…	NVD-CWE-noinfo	CVE-2022-42336	cpe:2.3:o:xen:xen:4.17:*				2024-11-21 16:24 2023-05-17	Show	GitHub Exploit DB Packet Storm

19	7.8 -	HIGH Local	x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so calle…	CWE-476 NULL Pointer Dereference	CVE-2022-42335	cpe:2.3:o:xen:xen:4.17.0:*				2024-11-21 16:24 2023-04-25	Show	GitHub Exploit DB Packet Storm

20	6.5 -	MEDIUM Local	x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability cont…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2022-42334	cpe:2.3:o:xen:xen::	4.11.0	4.17.0		2024-11-21 16:24 2023-03-21	Show	GitHub Exploit DB Packet Storm