Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
161	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
162	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
163	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
164	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
165	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
166	Xen 4.9	4.9.4			3	55	66	3
167	Xen 4.8	4.8.5			10	58	68	3
168	Xen 4.7	4.7.6			12	57	73	4
169	Xen 4.6	4.6.6			11	62	82	8
170	Xen 4.5	4.5.5			11	67	87	16
171	Xen 4.4	4.4.4			11	67	98	25
172	Xen 4.3	4.3.4			11	68	99	23
173	Xen 4.2	4.2.5			11	70	126	34
174	Xen 4.14	4.14.3			0	21	30	3
175	Xen 4.13	4.13.4			0	26	37	3
176	Xen 4.12	4.12.4			1	30	46	3
177	Xen 4.11	4.11.4			1	45	53	3
178	Xen 4.10	4.10.4			2	43	57	3
179	Xen 4.1	4.1.6.1			11	74	122	32
180	Xen 4.0	4.0.4			11	64	104	28
181	Xen 3.4	3.4.4			11	58	84	21
182	Xen 3.3	3.3.2			11	53	82	18
183	Xen 3.2	3.2.3			11	52	76	15
184	Xen 3.1	3.1.4			11	44	71	10
185	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	Update date Published date	Show Affected	Exploit PoC Search
161	6.5 4.9	MEDIUM Local	An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2019-17351	cpe:2.3:o:xen:xen::		4.12.1	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

162	5.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.12.x allowing Arm domU attackers to cause a denial of service (infinite loop) involving a compare-and-exchange operation.	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2019-17350	cpe:2.3:o:xen:xen::		4.12.1	2024-11-21 13:32 2019-10-8	Show	GitHub Exploit DB Packet Storm

163	6.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service (host OS hang) because Xen does not work around Intel's mishandling of certai…	CWE-20 Improper Input Validation	CVE-2018-19967	cpe:2.3:o:xen:xen::		4.11.1	2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

164	8.8 7.2	HIGH Local	An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for…	CWE-436 Interpretation Conflict	CVE-2018-19966	cpe:2.3:o:xen:xen::	4.11.0	4.11.1	2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

165	5.6 4.7	MEDIUM Local	An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TL…	NVD-CWE-noinfo	CVE-2018-19965	cpe:2.3:o:xen:xen::		4.11.1	2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

166	6.5 4.9	MEDIUM Local	An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.	NVD-CWE-noinfo	CVE-2018-19964	cpe:2.3:o:xen:xen::	4.11.0	4.11.1	2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

167	7.8 6.9	HIGH Local	An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for exte…	CWE-617 Reachable Assertion	CVE-2018-19963	cpe:2.3:o:xen:xen:4.11.0:*			2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

168	7.8 6.9	HIGH Local	An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.	CWE-200 Information Exposure	CVE-2018-19962	cpe:2.3:o:xen:xen::		4.11.1	2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

169	7.8 6.9	HIGH Local	An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.	CWE-459 Incomplete Cleanup	CVE-2018-19961	cpe:2.3:o:xen:xen::		4.11.1	2024-11-21 12:58 2018-12-8	Show	GitHub Exploit DB Packet Storm

170	8.8 7.2	HIGH Local	An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecifi…	CWE-476 NULL Pointer Dereference	CVE-2018-18883	cpe:2.3:o:xen:xen::	4.9.0	4.11.0	2024-11-21 12:56 2018-11-1	Show	GitHub Exploit DB Packet Storm