Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Xen Number Of NVD 431 CRITICAL 12 HIGH 133 MEDIUM 238 LOW 48
URL https://xenproject.org/
Explanation Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].
Add Information URL
No Type Name URL
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
71 Xen 4.19 4.19.0 July 29, 2024 July 29, 2024 0 1 0 0
72 Xen 4.18 4.18.3 Aug. 14, 2024 Nov. 17, 2023 0 1 0 0
73 Xen 4.17 4.17.5 Aug. 14, 2024 Dec. 14, 2022 0 4 3 1
74 Xen 4.16 4.16.6 March 27, 2024 Dec. 2, 2021 0 3 5 2
75 Xen 4.15 4.15.7 May 3, 2024 April 8, 2021 0 11 9 2
76 Xen 4.9 4.9.4 3 55 66 3
77 Xen 4.8 4.8.5 10 58 68 3
78 Xen 4.7 4.7.6 12 57 73 4
79 Xen 4.6 4.6.6 11 62 82 8
80 Xen 4.5 4.5.5 11 67 87 16
81 Xen 4.4 4.4.4 11 67 98 25
82 Xen 4.3 4.3.4 11 68 99 23
83 Xen 4.2 4.2.5 11 70 126 34
84 Xen 4.14 4.14.3 0 21 30 3
85 Xen 4.13 4.13.4 0 26 37 3
86 Xen 4.12 4.12.4 1 30 46 3
87 Xen 4.11 4.11.4 1 45 53 3
88 Xen 4.10 4.10.4 2 43 57 3
89 Xen 4.1 4.1.6.1 11 74 122 32
90 Xen 4.0 4.0.4 11 64 104 28
91 Xen 3.4 3.4.4 11 58 84 21
92 Xen 3.3 3.3.2 11 53 82 18
93 Xen 3.2 3.2.3 11 52 76 15
94 Xen 3.1 3.1.4 11 44 71 10
95 Xen 3.0 3.0.4 11 44 70 9
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
71 6.5
2.1 		MEDIUM
Local 		Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen o… NVD-CWE-noinfo
CVE-2021-28712 cpe:2.3:o:xen:xen:-:* 2024-11-21 15:00
2022-01-6 		Show GitHub Exploit DB Packet Storm
72 6.5
2.1 		MEDIUM
Local 		Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen o… NVD-CWE-noinfo
CVE-2021-28711 cpe:2.3:o:xen:xen:-:* 2024-11-21 15:00
2022-01-6 		Show GitHub Exploit DB Packet Storm
73 7.0
6.9 		HIGH
Local 		grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associa… NVD-CWE-Other
CVE-2021-28703 cpe:2.3:o:xen:xen:*:* 14.4 2024-11-21 15:00
2021-12-7 		Show GitHub Exploit DB Packet Storm
74 7.8
6.9 		HIGH
Local 		issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH gu… CWE-755
 Improper Handling of Exceptional Conditions 		CVE-2021-28709 cpe:2.3:o:xen:xen:4.15.1:*
cpe:2.3:o:xen:xen:4.15.0:*
cpe:2.3:o:xen:xen:*:* 		4.14.0
4.13.0
3.4.0 		4.14.3
4.13.4
4.12.4



2024-11-21 15:00
2021-11-24 		Show GitHub Exploit DB Packet Storm
75 7.8
6.9 		HIGH
Local 		issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH gu… CWE-755
 Improper Handling of Exceptional Conditions 		CVE-2021-28705 cpe:2.3:o:xen:xen:4.15.1:*
cpe:2.3:o:xen:xen:4.15.0:*
cpe:2.3:o:xen:xen:*:* 		4.14.0
4.13.0
3.4.0 		4.14.3
4.13.4
4.12.4



2024-11-21 15:00
2021-11-24 		Show GitHub Exploit DB Packet Storm
76 8.6
7.8 		HIGH
Network 		guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of memory, it may be able to issue hypercalls to increase its memory allocation beyond the administrat… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2021-28706 cpe:2.3:o:xen:xen:*:* 3.2 4.12 2024-11-21 15:00
2021-11-24 		Show GitHub Exploit DB Packet Storm
77 8.8
6.9 		HIGH
Local 		PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte… NVD-CWE-noinfo
CVE-2021-28708 cpe:2.3:o:xen:xen:*:* 4.7.0 4.15.1 2024-11-21 15:00
2021-11-24 		Show GitHub Exploit DB Packet Storm
78 8.8
6.9 		HIGH
Local 		PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte… NVD-CWE-noinfo
CVE-2021-28707 cpe:2.3:o:xen:xen:*:* 4.7.0 4.15.1 2024-11-21 15:00
2021-11-24 		Show GitHub Exploit DB Packet Storm
79 8.8
6.9 		HIGH
Local 		PoD operations on misaligned GFNs T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be starte… NVD-CWE-noinfo
CVE-2021-28704 cpe:2.3:o:xen:xen:*:* 4.7.0 4.15.1 2024-11-21 15:00
2021-11-24 		Show GitHub Exploit DB Packet Storm
80 8.8
6.9 		HIGH
Local 		certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared betw… CWE-269
 Improper Privilege Management 		CVE-2021-28710 cpe:2.3:o:xen:xen:4.15.0:* 2024-11-21 15:00
2021-11-22 		Show GitHub Exploit DB Packet Storm