Software Detail
Xen
Number of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product
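| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 421 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 422 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 423 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 424 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 425 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 426 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 427 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 428 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 429 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 430 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 431 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 432 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 433 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 434 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 435 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 436 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 437 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 438 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 439 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 440 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 441 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 442 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 443 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 444 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 445 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
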
NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date

No: 421
CVSS3: -
CVSS2: 6.9
Level: MEDIUM
Title: (1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-3497
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.0:*, cpe:2.3:o:xen:xen:4.0.0:*
Update date: 2024-11-21 10:40
Published date: 2012-11-24

No: 422
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG …
CWE: CWE-16 Configuration
CVE: CVE-2012-3496
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.0:*, cpe:2.3:o:xen:xen:4.0.0:*
Update date: 2024-11-21 10:40
Published date: 2012-11-24

No: 423
CVSS3: -
CVSS2: 6.1
Level: MEDIUM
Title: The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking th…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-3495
cpe23Uri: cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe:2.3:o:xen:xen:4.1.0:*
Update date: 2024-11-21 10:40
Published date: 2012-11-24

No: 424
CVSS3: -
CVSS2: 2.1
Level: LOW
Title: The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denia…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2012-3494
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:-, cpe:2.3:o:xen:xen:4.2.0:-, cpe:2.3:o:xen:xen:4.1.0:-, cpe:2.3:o:xen:xen:4.1.0:-, cpe…
Update date: 2024-11-21 10:40
Published date: 2012-11-24

No: 425
CVSS3: -
CVSS2: 2.1
Level: LOW
Title: Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2012-4539
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe…
Update date: 2024-11-21 10:43
Published date: 2012-11-22

No: 426
CVSS3: -
CVSS2: 2.1
Level: LOW
Title: Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause…
CWE: CWE-16 Configuration
CVE: CVE-2012-4537
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe…
Update date: 2024-11-21 10:43
Published date: 2012-11-22

No: 427
CVSS3: -
CVSS2: 2.1
Level: LOW
Title: The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an o…
CWE: NVD-CWE-noinfo
CVE: CVE-2012-4536
cpe23Uri: cpe:2.3:o:xen:xen:2.2.0:*
Update date: 2024-11-21 10:43
Published date: 2012-11-22

No: 428
CVSS3: -
CVSS2: 1.9
Level: LOW
Title: Xen 3.4 through 4.2, and possibly earlier versions, allows local guest OS administrators to cause a denial of service (Xen infinite loop and physical CPU consumption) by setting a VCPU with an "inapp…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2012-4535
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe…
Update date: 2024-11-21 10:43
Published date: 2012-11-22

No: 429
CVSS3: -
CVSS2: 2.1
Level: LOW
Title: The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of se…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-4544
cpe23Uri: cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe:2.3:o:xen:xen:4.1.0:*, cpe…
or less: 4.2.0
Update date: 2024-11-21 10:43
Published date: 2012-11-1

No: 430
CVSS3: -
CVSS2: 2.7
Level: LOW
Title: The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-2625
cpe23Uri: cpe:2.3:o:xen:xen:4.2.0:*, cpe:2.3:o:xen:xen:4.1.3:*, cpe:2.3:o:xen:xen:4.1.2:*, cpe:2.3:o:xen:xen:4.1.1:*, cpe…
Update date: 2024-11-21 10:39
Published date: 2012-11-1