Software Detail

Software Informaton Top

Virtualization

Software Detail

Xen

Number Of NVD

431

CRITICAL

HIGH

133

MEDIUM

238

LOW

URL	https://xenproject.org/
Explanation	Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures. Xen is available for IA-32, x64, IA-64, and ARM architectures. In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains. Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

Add Information URL

No	Type	Name	URL

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Critical	High	Medium	Low
181	Xen 4.19	4.19.0	July 29, 2024	July 29, 2024	0	1	0	0
182	Xen 4.18	4.18.3	Aug. 14, 2024	Nov. 17, 2023	0	1	0	0
183	Xen 4.17	4.17.5	Aug. 14, 2024	Dec. 14, 2022	0	4	3	1
184	Xen 4.16	4.16.6	March 27, 2024	Dec. 2, 2021	0	3	5	2
185	Xen 4.15	4.15.7	May 3, 2024	April 8, 2021	0	11	9	2
186	Xen 4.9	4.9.4			3	55	66	3
187	Xen 4.8	4.8.5			10	58	68	3
188	Xen 4.7	4.7.6			12	57	73	4
189	Xen 4.6	4.6.6			11	62	82	8
190	Xen 4.5	4.5.5			11	67	87	16
191	Xen 4.4	4.4.4			11	67	98	25
192	Xen 4.3	4.3.4			11	68	99	23
193	Xen 4.2	4.2.5			11	70	126	34
194	Xen 4.14	4.14.3			0	21	30	3
195	Xen 4.13	4.13.4			0	26	37	3
196	Xen 4.12	4.12.4			1	30	46	3
197	Xen 4.11	4.11.4			1	45	53	3
198	Xen 4.10	4.10.4			2	43	57	3
199	Xen 4.1	4.1.6.1			11	74	122	32
200	Xen 4.0	4.0.4			11	64	104	28
201	Xen 3.4	3.4.4			11	58	84	21
202	Xen 3.3	3.3.2			11	53	82	18
203	Xen 3.2	3.2.3			11	52	76	15
204	Xen 3.1	3.1.4			11	44	71	10
205	Xen 3.0	3.0.4			11	44	70	9

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or higher	or less	Update date Published date	Show Affected	Exploit PoC Search
181	8.8 7.2	HIGH Local	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain h…	NVD-CWE-noinfo	CVE-2018-10982	cpe:2.3:o:xen:xen::		4.10.1	2024-11-21 12:42 2018-05-11	Show	GitHub Exploit DB Packet Storm

182	6.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid tra…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2018-10981	cpe:2.3:o:xen:xen::		4.10.1	2024-11-21 12:42 2018-05-11	Show	GitHub Exploit DB Packet Storm

183	7.8 7.2	HIGH Local	A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, result…	CWE-362 Race Condition	CVE-2018-8897	cpe:2.3:o:xen:xen:-:*			2024-11-21 13:14 2018-05-9	Show	GitHub Exploit DB Packet Storm

184	5.6 1.9	MEDIUM Local	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifyin…	CWE-200 Information Exposure	CVE-2018-10472	cpe:2.3:o:xen:xen::		4.10.1	2024-11-21 12:41 2018-04-28	Show	GitHub Exploit DB Packet Storm

185	6.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of …	CWE-787 Out-of-bounds Write	CVE-2018-10471	cpe:2.3:o:xen:xen::		4.10.1	2024-11-21 12:41 2018-04-28	Show	GitHub Exploit DB Packet Storm

186	6.5 4.9	MEDIUM Local	An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of confi…	CWE-476 NULL Pointer Dereference	CVE-2018-7542	cpe:2.3:o:xen:xen::	4.8.0	4.10.0	2024-11-21 13:12 2018-02-28	Show	GitHub Exploit DB Packet Storm

187	8.8 6.1	HIGH Local	An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.	NVD-CWE-noinfo	CVE-2018-7541	cpe:2.3:o:xen:xen::		4.10.0	2024-11-21 13:12 2018-02-28	Show	GitHub Exploit DB Packet Storm

188	6.5 4.9	MEDIUM Local	An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing.	CWE-400 Uncontrolled Resource Consumption	CVE-2018-7540	cpe:2.3:o:xen:xen::		4.10.0	2024-11-21 13:12 2018-02-28	Show	GitHub Exploit DB Packet Storm

189	6.5 4.9	MEDIUM Local	In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows …	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2018-5244	cpe:2.3:o:xen:xen::	4.10.0		2024-11-21 13:08 2018-01-6	Show	GitHub Exploit DB Packet Storm

190	7.8 6.9	HIGH Local	An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.	NVD-CWE-noinfo	CVE-2017-17566	cpe:2.3:o:xen:xen::		4.9.1	2024-11-21 12:18 2017-12-13	Show	GitHub Exploit DB Packet Storm