Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest, most privileged level [2]. The Xen hypervisor layer supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The guests managed in this way are called "domain U" (domU) in Xen jargon, where U stands for user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


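List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 81 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 82 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 83 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 84 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 85 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 86 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 87 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 88 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 89 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 90 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 91 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 92 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 93 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 94 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 95 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 96 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 97 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 98 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 99 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 100 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 101 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 102 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 103 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 104 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 105 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
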
NVD Vulnerability Information

81. PCI devices with RMRRs not deassigned correctly
CVE: CVE-2021-28702
CVSS3: 7.6 | CVSS2: 4.6 | Level: HIGH | Attack Vector: Physical
CWE: CWE-269 Improper Privilege Management
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.13.0 4.15.1
Update date: 2024-11-21 15:00
Published date: 2021-10-6
Description: Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically…

82. Another race in XENMAPSPACE_grant_table handling
CVE: CVE-2021-28701
CVSS3: 7.8 | CVSS2: 4.4 | Level: HIGH | Attack Vector: Local
CWE: CWE-362 Race Condition
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.0.0
Update date: 2024-11-21 15:00
Published date: 2021-09-8
Description: Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire…

83. xen/arm: No memory limit for dom0less domUs
CVE: CVE-2021-28700
CVSS3: 4.9 | CVSS2: 6.8 | Level: MEDIUM | Attack Vector: Network
CWE: CWE-770 Allocation of Resources Without Limits or Throttling
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.12.0
Update date: 2024-11-21 15:00
Published date: 2021-08-28
Description: The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not se…

84. inadequate grant-v2 status frames array bounds check
CVE: CVE-2021-28699
CVSS3: 5.5 | CVSS2: 4.9 | Level: MEDIUM | Attack Vector: Local
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.10.0
Update date: 2024-11-21 15:00
Published date: 2021-08-28
Description: The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a resu…

85. long running loops in grant table handling
CVE: CVE-2021-28698
CVSS3: 5.5 | CVSS2: 4.9 | Level: MEDIUM | Attack Vector: Local
CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 3.2.0
Update date: 2024-11-21 15:00
Published date: 2021-08-28
Description: In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In th…

86. grant table v2 status pages may remain accessible after de-allocation
CVE: CVE-2021-28697
CVSS3: 7.8 | CVSS2: 4.6 | Level: HIGH | Attack Vector: Local
CWE: CWE-362 Race Condition
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.0.0 4.15.0
Update date: 2024-11-21 15:00
Published date: 2021-08-28
Description: Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a …

87. xen/arm: Boot modules are not scrubbed
CVE: CVE-2021-28693
CVSS3: 5.5 | CVSS2: 2.1 | Level: MEDIUM | Attack Vector: Local
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:o:xen:xen:4.15.0:rc1, cpe:2.3:o:xen:xen:*:*
Version bounds: 4.12.0 4.15.0
Update date: 2024-11-21 15:00
Published date: 2021-06-30
Description: The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive d…

88. inappropriate x86 IOMMU timeout detection / handling
CVE: CVE-2021-28692
CVSS3: 7.1 | CVSS2: 5.6 | Level: HIGH | Attack Vector: Local
CWE: CWE-269 Improper Privilege Management
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 3.2.0
Update date: 2024-11-21 15:00
Published date: 2021-06-30
Description: IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. In the current implementation in Xen, a…

89. x86: TSX Async Abort protections not restored after S3
CVE: CVE-2021-28690
CVSS3: 6.5 | CVSS2: 4.0 | Level: MEDIUM | Attack Vector: Network
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:o:xen:xen:4.15.0:rc1, cpe:2.3:o:xen:xen:*:*
Version bounds: 4.12 4.15.0
Update date: 2024-11-21 15:00
Published date: 2021-06-29
Description: This issue relates to the TSX Async Abort speculative security vulnerability. Please see https://xenbits.xen.org/xsa/advisory-305.html for detai…

90. x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
CVE: CVE-2021-28689
CVSS3: 5.5 | CVSS2: 2.1 | Level: MEDIUM | Attack Vector: Local
CWE: CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.12.0
Update date: 2024-11-21 15:00
Published date: 2021-06-12
Description: 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely use…