Software Detail
Name: Xen
Number of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


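List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 391 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 392 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 393 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 394 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 395 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 396 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 397 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 398 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 399 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 400 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 401 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 402 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 403 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 404 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 405 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 406 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 407 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 408 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 409 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 410 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 411 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 412 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 413 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 414 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 415 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
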
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, version range (or higher / or less / more than / less than), Update date, Published date

No: 391
CVSS3: -
CVSS2: 4.6
Level: MEDIUM
Title: The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause …
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-0151
cpe23Uri: cpe:2.3:o:xen:xen:4.2.1:-, cpe:2.3:o:xen:xen:4.2.0:-
Update date: 2024-11-21 10:46
Published date: 2013-03-7

No: 392
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to …
CWE: NVD-CWE-noinfo
CVE: CVE-2013-0153
cpe23Uri: cpe:2.3:o:xen:xen:4.2.1:*, cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.4:*, cpe:2.3:o:xen:xen:4.1.3:*, cpe…
Update date: 2024-11-21 10:46
Published date: 2013-02-15

No: 393
CVSS3: -
CVSS2: 6.1
Level: MEDIUM
Title: Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause …
CWE: CWE-16 Configuration
CVE: CVE-2012-5634
cpe23Uri: cpe:2.3:o:xen:xen:4.2.1:*, cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.4:*, cpe:2.3:o:xen:xen:4.1.3:*, cpe…
Update date: 2024-11-21 10:45
Published date: 2013-02-15

No: 394
CVSS3: -
CVSS2: 4.9
Level: MEDIUM
Title: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to …
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2013-0231
cpe23Uri: cpe:2.3:o:xen:xen:3.2.3:*, cpe:2.3:o:xen:xen:3.2.2:*, cpe:2.3:o:xen:xen:3.2.1:*, cpe:2.3:o:xen:xen:3.2.0:*, cpe…
Update date: 2024-11-21 10:47
Published date: 2013-02-13

No: 395
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not prope…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2013-0152
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*
Update date: 2024-11-21 10:46
Published date: 2013-02-13

No: 396
CVSS3: -
CVSS2: 1.9
Level: LOW
Title: The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service (assertion failure and hypervisor crash…
CWE: NVD-CWE-noinfo
CVE: CVE-2013-0154
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*
Update date: 2024-11-21 10:46
Published date: 2013-01-12

No: 397
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.
CWE: CWE-399 Resource Management Errors
CVE: CVE-2012-6333
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.0:*, cpe:2.3:o:xen:xen:4.0.4:*, cpe:2.3:o:xen:xen:4.0.3:*, cpe…
Update date: 2024-11-21 10:46
Published date: 2012-12-13

No: 398
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.
CWE: NVD-CWE-noinfo
CVE: CVE-2012-5525
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*
Update date: 2024-11-21 10:44
Published date: 2012-12-13

No: 399
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop an…
CWE: NVD-CWE-noinfo
CVE: CVE-2012-5515
cpe23Uri: cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe:2.3:o:xen:xen:4.1.0:*, cpe…
Version range (or higher / or less / more than / less than): 4.2.0
Update date: 2024-11-21 10:44
Published date: 2012-12-13

No: 400
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to ca…
CWE: NVD-CWE-Other
CVE: CVE-2012-5514
cpe23Uri: cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe:2.3:o:xen:xen:4.1.0:*, cpe…
Version range (or higher / or less / more than / less than): 4.2.0
Update date: 2024-11-21 10:44
Published date: 2012-12-13