Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Xen Number Of NVD 431 CRITICAL 12 HIGH 133 MEDIUM 238 LOW 48
URL https://xenproject.org/
Explanation Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
31 Xen 4.19 4.19.0 July 29, 2024 July 29, 2024 0 1 0 0
32 Xen 4.18 4.18.3 Aug. 14, 2024 Nov. 17, 2023 0 1 0 0
33 Xen 4.17 4.17.5 Aug. 14, 2024 Dec. 14, 2022 0 4 3 1
34 Xen 4.16 4.16.6 March 27, 2024 Dec. 2, 2021 0 3 5 2
35 Xen 4.15 4.15.7 May 3, 2024 April 8, 2021 0 11 9 2
36 Xen 4.9 4.9.4 3 55 66 3
37 Xen 4.8 4.8.5 10 58 68 3
38 Xen 4.7 4.7.6 12 57 73 4
39 Xen 4.6 4.6.6 11 62 82 8
40 Xen 4.5 4.5.5 11 67 87 16
41 Xen 4.4 4.4.4 11 67 98 25
42 Xen 4.3 4.3.4 11 68 99 23
43 Xen 4.2 4.2.5 11 70 126 34
44 Xen 4.14 4.14.3 0 21 30 3
45 Xen 4.13 4.13.4 0 26 37 3
46 Xen 4.12 4.12.4 1 30 46 3
47 Xen 4.11 4.11.4 1 45 53 3
48 Xen 4.10 4.10.4 2 43 57 3
49 Xen 4.1 4.1.6.1 11 74 122 32
50 Xen 4.0 4.0.4 11 64 104 28
51 Xen 3.4 3.4.4 11 58 84 21
52 Xen 3.3 3.3.2 11 53 82 18
53 Xen 3.2 3.2.3 11 52 76 15
54 Xen 3.1 3.1.4 11 44 71 10
55 Xen 3.0 3.0.4 11 44 70 9
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
31 5.5
- 		MEDIUM
Local 		Xenstore: Guests can create orphaned Xenstore nodes By creating multiple nodes inside a transaction resulting in an error, a malicious guest can create orphaned nodes in the Xenstore data base, as th… CWE-459
 Incomplete Cleanup 		CVE-2022-42310 cpe:2.3:o:xen:xen:*:* 4.9.0 4.13.0 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
32 5.5
- 		MEDIUM
Local 		Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2022-42326 cpe:2.3:o:xen:xen:*:* 4.9.0 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
33 8.8
- 		HIGH
Local 		Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xen… CWE-763
 Release of Invalid Pointer or Reference 		CVE-2022-42309 cpe:2.3:o:xen:xen:-:* 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
34 5.5
- 		MEDIUM
Local 		Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2022-42325 cpe:2.3:o:xen:xen:*:* 4.9.0 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
35 5.5
- 		MEDIUM
Local 		Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Sin… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2022-42323 cpe:2.3:o:xen:xen:-:* 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
36 7.0
- 		HIGH
Local 		Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights contai… CWE-459
 Incomplete Cleanup 		CVE-2022-42320 cpe:2.3:o:xen:xen:-:* 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
37 6.5
- 		MEDIUM
Local 		Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2022-42319 cpe:2.3:o:xen:xen:*:* 4.9.0 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
38 6.5
- 		MEDIUM
Local 		Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2022-42318 cpe:2.3:o:xen:xen:-:* 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
39 6.5
- 		MEDIUM
Local 		Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2022-42317 cpe:2.3:o:xen:xen:-:* 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm
40 6.5
- 		MEDIUM
Local 		Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests … CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2022-42315 cpe:2.3:o:xen:xen:-:* 2024-11-21 16:24
2022-11-1 		Show GitHub Exploit DB Packet Storm