Software Detail
Xen: Number of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default, it is started automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target in this case is called "domain U" (domU) in Xen jargon, where domain U means user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


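List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 141 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 142 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 143 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 144 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 145 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 146 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 147 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 148 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 149 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 150 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 151 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 152 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 153 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 154 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 155 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 156 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 157 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 158 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 159 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 160 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 161 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 162 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 163 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 164 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 165 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
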
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date
141 6.6
6.0
MEDIUM
Network
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an inc… CWE-362
Race Condition
CVE-2019-19580 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:34
2019-12-12
142 8.8
7.2
HIGH
Local
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "… CWE-682
 Incorrect Calculation
CVE-2019-19578 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:34
2019-12-12
143 7.2
7.2
HIGH
Physical
An issue was discovered in Xen through 4.12.x allowing x86 AMD HVM guest OS users to cause a denial of service or possibly gain privileges by triggering data-structure access during pagetable-height … CWE-401
CWE-662
 Missing Release of Memory after Effective Lifetime
 Improper Synchronization
CVE-2019-19577 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:34
2019-12-12
144 6.8
7.2
MEDIUM
Physical
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device (and assignable-add is not… CWE-20
 Improper Input Validation 
CVE-2019-19579 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:34
2019-12-5
145 9.8
9.3
CRITICAL
Network
An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by installing and using descriptors. There is missing descriptor table limit checking in x8… CWE-269
 Improper Privilege Management
CVE-2019-18425 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:33
2019-10-31
146 6.8
6.9
MEDIUM
Physical
An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device. This occurs because passe… CWE-78
OS Command 
CVE-2019-18424 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:33
2019-10-31
147 8.8
8.5
HIGH
Network
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service via a XENMEM_add_to_physmap hypercall. p2m->max_mapped_gfn is used by the functions p2m_resolve_… CWE-193
 Off-by-one Error
CVE-2019-18423 cpe:2.3:o:xen:xen:*:* 4.8 4.12.1 2024-11-21 13:33
2019-10-31
148 8.8
8.5
HIGH
Network
An issue was discovered in Xen through 4.12.x allowing ARM guest OS users to cause a denial of service or gain privileges by leveraging the erroneous enabling of interrupts. Interrupts are unconditio… CWE-732
 Incorrect Permission Assignment for Critical Resource
CVE-2019-18422 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:33
2019-10-31
149 7.5
7.1
HIGH
Network
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues … CWE-362
Race Condition
CVE-2019-18421 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:33
2019-10-31
150 6.5
6.3
MEDIUM
Network
An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via a VCPUOP_initialise hypercall. hypercall_create_continuation() is a variadic function whi… CWE-134
Use of Externally-Controlled Format String
CVE-2019-18420 cpe:2.3:o:xen:xen:*:* 4.12.1 2024-11-21 13:33
2019-10-31