Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
381	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
382	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
383	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
384	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
385	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
386	Xen 4.9	4.9.4			3	55	66	3
387	Xen 4.8	4.8.5			10	58	68	3
388	Xen 4.7	4.7.6			12	57	73	4
389	Xen 4.6	4.6.6			11	62	82	8
390	Xen 4.5	4.5.5			11	67	87	16
391	Xen 4.4	4.4.4			11	67	98	25
392	Xen 4.3	4.3.4			11	68	99	23
393	Xen 4.2	4.2.5			11	70	126	34
394	Xen 4.14	4.14.3			0	21	30	3
395	Xen 4.13	4.13.4			0	26	37	3
396	Xen 4.12	4.12.4			1	30	46	3
397	Xen 4.11	4.11.4			1	45	53	3
398	Xen 4.10	4.10.4			2	43	57	3
399	Xen 4.1	4.1.6.1			11	74	122	32
400	Xen 4.0	4.0.4			11	64	104	28
401	Xen 3.4	3.4.4			11	58	84	21
402	Xen 3.3	3.3.2			11	53	82	18
403	Xen 3.2	3.2.3			11	52	76	15
404	Xen 3.1	3.1.4			11	44	71	10
405	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
381	- 6.9	MEDIUM	Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel.	CWE-189 Numeric Errors	CVE-2013-2194	cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen::	4.2.2	2024-11-21 10:51 2013-08-24	Show	GitHub Exploit DB Packet Storm

382	- 4.7	MEDIUM	Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.	CWE-20 Improper Input Validation	CVE-2013-2078	cpe:2.3:o:xen:xen:4.2.2:* cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.5:* cpe…		2024-11-21 10:50 2013-08-15	Show	GitHub Exploit DB Packet Storm

383	- 6.9	MEDIUM	Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sen…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2013-1964	cpe:2.3:o:xen:xen:4.1.5:* cpe:2.3:o:xen:xen:4.1.4:* cpe:2.3:o:xen:xen:4.1.3:* cpe:2.3:o:xen:xen:4.1.2:* cpe…		2024-11-21 10:50 2013-05-22	Show	GitHub Exploit DB Packet Storm

384	- 1.9	LOW	Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which …	CWE-20 Improper Input Validation	CVE-2013-1952	cpe:2.3:o:xen:xen:4.2.2:* cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.4:* cpe…		2024-11-21 10:50 2013-05-14	Show	GitHub Exploit DB Packet Storm

385	- 3.3	LOW	qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2013-1922	cpe:2.3:o:xen:xen:4.2.2:* cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:*		2024-11-21 10:50 2013-05-14	Show	GitHub Exploit DB Packet Storm

386	- 4.7	MEDIUM	Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2013-1919	cpe:2.3:o:xen:xen:4.2.2:* cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.5:* cpe…		2024-11-21 10:50 2013-05-14	Show	GitHub Exploit DB Packet Storm

387	- 4.7	MEDIUM	Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table tra…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2013-1918	cpe:2.3:o:xen:xen:4.2.2:* cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.5:* cpe…		2024-11-21 10:50 2013-05-14	Show	GitHub Exploit DB Packet Storm

388	- 1.9	LOW	Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hyp…	CWE-20 Improper Input Validation	CVE-2013-1917	cpe:2.3:o:xen:xen:4.2.2:* cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.4:* cpe…		2024-11-21 10:50 2013-05-14	Show	GitHub Exploit DB Packet Storm

389	- 4.4	MEDIUM	Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2013-1920	cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.4:* cpe:2.3:o:xen:xen:4.1.3:* cpe…		2024-11-21 10:50 2013-04-13	Show	GitHub Exploit DB Packet Storm

390	- 4.3	MEDIUM	oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2013-0215	cpe:2.3:o:xen:xen:4.2.1:* cpe:2.3:o:xen:xen:4.2.0:* cpe:2.3:o:xen:xen:4.1.4:* cpe:2.3:o:xen:xen:4.1.3:* cpe…		2024-11-21 10:47 2013-03-7	Show	GitHub Exploit DB Packet Storm