Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
151	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
152	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
153	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
154	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
155	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
156	Xen 4.9	4.9.4			3	55	66	3
157	Xen 4.8	4.8.5			10	58	68	3
158	Xen 4.7	4.7.6			12	57	73	4
159	Xen 4.6	4.6.6			11	62	82	8
160	Xen 4.5	4.5.5			11	67	87	16
161	Xen 4.4	4.4.4			11	67	98	25
162	Xen 4.3	4.3.4			11	68	99	23
163	Xen 4.2	4.2.5			11	70	126	34
164	Xen 4.14	4.14.3			0	21	30	3
165	Xen 4.13	4.13.4			0	26	37	3
166	Xen 4.12	4.12.4			1	30	46	3
167	Xen 4.11	4.11.4			1	45	53	3
168	Xen 4.10	4.10.4			2	43	57	3
169	Xen 4.1	4.1.6.1			11	74	122	32
170	Xen 4.0	4.0.4			11	64	104	28
171	Xen 3.4	3.4.4			11	58	84	21
172	Xen 3.3	3.3.2			11	53	82	18
173	Xen 3.2	3.2.3			11	52	76	15
174	Xen 3.1	3.1.4			11	44	71	10
175	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	Update date Published date	Show Affected	Exploit PoC Search
151	5.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a LoadExcl or StoreExcl operation.	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2019-17349	cpe:2.3:o:xen:xen::		4.12.1	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

152	6.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable…	CWE-20 Improper Input Validation	CVE-2019-17348	cpe:2.3:o:xen:xen::		4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

153	7.8 4.6	HIGH Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incom…	CWE-20 Improper Input Validation	CVE-2019-17347	cpe:2.3:o:xen:xen::	4.1.0	4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

154	8.8 7.2	HIGH Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) a…	CWE-20 Improper Input Validation	CVE-2019-17346	cpe:2.3:o:xen:xen::		4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

155	6.5 4.9	MEDIUM Local	An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of…	NVD-CWE-noinfo	CVE-2019-17345	cpe:2.3:o:xen:xen::	4.8.0	4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

156	6.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.	CWE-662 Improper Synchronization	CVE-2019-17344	cpe:2.3:o:xen:xen::		4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

157	6.8 4.6	MEDIUM Physics	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.	CWE-667 Improper Locking	CVE-2019-17343	cpe:2.3:o:xen:xen::		4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

158	7.0 4.4	HIGH Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introdu…	CWE-362 Race Condition	CVE-2019-17342	cpe:2.3:o:xen:xen::		4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

159	7.8 6.9	HIGH Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passe…	CWE-362 Race Condition	CVE-2019-17341	cpe:2.3:o:xen:xen::		4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

160	8.8 6.1	HIGH Local	An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2019-17340	cpe:2.3:o:xen:xen::	3.2.0	4.11.2	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm