Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product
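| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 171 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 172 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 173 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 174 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 175 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 176 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 177 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 178 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 179 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 180 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 181 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 182 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 183 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 184 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 185 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 186 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 187 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 188 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 189 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 190 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 191 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 192 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 193 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 194 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 195 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
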
NVD Vulnerability Information
| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Version bounds (or higher / or less / more than / less than) | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 171 | 6.5 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they… | CWE-400 Uncontrolled Resource Consumption | CVE-2018-15469 | cpe:2.3:o:xen:xen:*:* | 4.11.0 | 2024-11-21 12:50 | 2018-08-18 |
| 172 | 7.8 | 6.8 | HIGH | Local | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver all… | CWE-125 Out-of-bounds Read | CVE-2018-15471 | cpe:2.3:o:xen:xen:*:* | 4.11.0 | 2024-11-21 12:50 | 2018-08-18 |
| 173 | 6.5 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operati… | CWE-400 Uncontrolled Resource Consumption | CVE-2018-15470 | cpe:2.3:o:xen:xen:*:* | 4.11.0 | 2024-11-21 12:50 | 2018-08-18 |
| 174 | 6.0 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtua… | CWE-863 Incorrect Authorization | CVE-2018-15468 | cpe:2.3:o:xen:xen:*:* | 4.11.0 | 2024-11-21 12:50 | 2018-08-18 |
| 175 | 7.8 | 7.2 | HIGH | Local | An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which al… | CWE-665 Improper Initialization | CVE-2018-14678 | cpe:2.3:o:xen:xen:*:* | 4.11.0 | 2024-11-21 12:49 | 2018-07-29 |
| 176 | 9.9 | 9.0 | CRITICAL | Network | Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cpu… | CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write | CVE-2017-2620 | cpe:2.3:o:xen:xen:4.7.1:r7; cpe:2.3:o:xen:xen:4.7.1:r6; cpe:2.3:o:xen:xen:4.7.1:r5; cpe:2.3:o:xen:xen:4.7.1:r4 | 4.7.1 | 2024-11-21 12:23 | 2018-07-28 |
| 177 | 9.1 | 9.0 | CRITICAL | Network | Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A pr… | - | CVE-2017-2615 | cpe:2.3:o:xen:xen:4.7.1:r4; cpe:2.3:o:xen:xen:4.7.1:r3; cpe:2.3:o:xen:xen:4.7.1:r2; cpe:2.3:o:xen:xen:4.7.1:r1 | 4.7.1 | 2024-11-21 12:23 | 2018-07-3 |
| 178 | 6.5 | 2.1 | MEDIUM | Local | An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least… | NVD-CWE-noinfo | CVE-2018-12893 | cpe:2.3:o:xen:xen:*:* | 4.10.0 | 2024-11-21 12:46 | 2018-07-3 |
| 179 | 9.9 | 6.5 | CRITICAL | Network | An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Maliciou… | CWE-200 Information Exposure | CVE-2018-12892 | cpe:2.3:o:xen:xen:*:* | 4.7.0 4.10.1 | 2024-11-21 12:46 | 2018-07-3 |
| 180 | 6.5 | 4.9 | MEDIUM | Local | An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain poi… | NVD-CWE-noinfo | CVE-2018-12891 | cpe:2.3:o:xen:xen:*:* | 4.10.1 | 2024-11-21 12:46 | 2018-07-3 |