Software Detail
Xen: number of NVD entries 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default, it is started automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


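List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 401 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 402 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 403 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 404 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 405 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 406 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 407 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 408 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 409 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 410 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 411 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 412 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 413 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 414 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 415 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 416 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 417 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 418 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 419 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 420 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 421 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 422 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 423 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 424 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 425 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
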
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, version bounds (or higher / or less / more than / less than), Update date, Published date
No: 401
CVSS3: -
CVSS2: 6.9
Level: MEDIUM
Title: The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain priv…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-5513
cpe23Uri:
cpe:2.3:o:xen:xen:4.1.3:*
cpe:2.3:o:xen:xen:4.1.2:*
cpe:2.3:o:xen:xen:4.1.1:*
cpe:2.3:o:xen:xen:4.1.0:*
cpe…
Version bound: 4.2.0
Update date: 2024-11-21 10:44
Published date: 2012-12-13
No: 402
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2012-5511
cpe23Uri:
cpe:2.3:o:xen:xen:4.1.0:*
cpe:2.3:o:xen:xen:4.0.4:*
cpe:2.3:o:xen:xen:4.0.3:*
cpe:2.3:o:xen:xen:4.0.2:*
cpe…
Update date: 2024-11-21 10:44
Published date: 2012-12-13
No: 403
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial …
CWE: NVD-CWE-Other
CVE: CVE-2012-5510
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.3:*
cpe:2.3:o:xen:xen:4.1.2:*
cpe:2.3:o:xen:xen:4.1.1:*
cpe…
Update date: 2024-11-21 10:44
Published date: 2012-12-13
No: 404
CVSS3: -
CVSS2: 4.6
Level: MEDIUM
Title: Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the I…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2011-3131
cpe23Uri:
cpe:2.3:o:xen:xen:*:*
Version bound: 4.1.1
Update date: 2024-11-21 10:29
Published date: 2012-12-13
No: 405
CVSS3: -
CVSS2: 1.9
Level: LOW
Title: The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycle…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2012-3432
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.3:*
cpe:2.3:o:xen:xen:4.1.2:*
cpe:2.3:o:xen:xen:4.1.1:*
cpe…
Update date: 2024-11-21 10:40
Published date: 2012-12-4
No: 406
CVSS3: -
CVSS2: 1.9
Level: LOW
Title: Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (ho…
CWE: NVD-CWE-noinfo
CVE: CVE-2012-2934
cpe23Uri:
cpe:2.3:o:xen:xen:4.1.0:-
cpe:2.3:o:xen:xen:4.0.0:-
Update date: 2024-11-21 10:39
Published date: 2012-12-4
No: 407
CVSS3: -
CVSS2: 1.9
Level: LOW
Title: Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection…
CWE: NVD-CWE-Other
CVE: CVE-2012-0218
cpe23Uri:
cpe:2.3:o:xen:xen:4.1.0:*
cpe:2.3:o:xen:xen:4.0.0:*
cpe:2.3:o:xen:xen:3.4.0:*
Update date: 2024-11-21 10:34
Published date: 2012-12-4
No: 408
CVSS3: -
CVSS2: 4.9
Level: MEDIUM
Title: The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of serv…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-4538
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.0:*
cpe:2.3:o:xen:xen:4.0.0:*
Update date: 2024-11-21 10:43
Published date: 2012-11-25
No: 409
CVSS3: -
CVSS2: 4.9
Level: MEDIUM
Title: Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared pa…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2012-3433
cpe23Uri:
cpe:2.3:o:xen:xen:4.1.0:*
cpe:2.3:o:xen:xen:4.0.0:*
Update date: 2024-11-21 10:40
Published date: 2012-11-25
No: 410
CVSS3: -
CVSS2: 4.4
Level: MEDIUM
Title: The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, w…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2012-6036
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.0:*
cpe:2.3:o:xen:xen:4.0.0:*
Update date: 2024-11-21 10:45
Published date: 2012-11-24