Software Detail
Xen
Number of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product
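| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 201 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 202 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 203 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 204 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 205 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 206 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 207 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 208 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 209 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 210 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 211 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 212 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 213 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 214 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 215 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 216 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 217 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 218 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 219 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 220 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 221 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 222 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 223 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 224 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 225 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
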
NVD Vulnerability Information
Fields: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date

201 | CVSS3 6.5 | CVSS2 4.9 | MEDIUM | Local
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled.
CWE-772 Missing Release of Resource after Effective Lifetime
CVE-2017-15593 | cpe:2.3:o:xen:xen:*:* 4.9.0
Update date 2024-11-21 12:14 | Published date 2017-10-18

202 | CVSS3 8.8 | CVSS2 7.2 | HIGH | Local
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishan…
CWE-668 Exposure of Resource to Wrong Sphere
CVE-2017-15592 | cpe:2.3:o:xen:xen:*:* 4.9.0
Update date 2024-11-21 12:14 | Published date 2017-10-18

203 | CVSS3 6.5 | CVSS2 4.9 | MEDIUM | Local
An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers (who control a stub domain kernel or tool stack) to cause a denial of service (host OS crash) because of a missing comparison (of…
CWE-20 Improper Input Validation
CVE-2017-15591 | cpe:2.3:o:xen:xen:4.9.0:*, cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.3:*, cpe…
Update date 2024-11-21 12:14 | Published date 2017-10-18

204 | CVSS3 8.8 | CVSS2 4.6 | HIGH | Local
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
NVD-CWE-noinfo
CVE-2017-15590 | cpe:2.3:o:xen:xen:4.9.0:*
Update date 2024-11-21 12:14 | Published date 2017-10-18

205 | CVSS3 6.5 | CVSS2 2.1 | MEDIUM | Local
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS (or an arbitrary guest OS) because intercepted I/O operations can cause a…
CWE-200 Information Exposure
CVE-2017-15589 | cpe:2.3:o:xen:xen:4.9.0:*
Update date 2024-11-21 12:14 | Published date 2017-10-18

206 | CVSS3 7.8 | CVSS2 6.9 | HIGH | Local
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to execute arbitrary code on the host OS because of a race condition that can cause a stale TLB entry.
CWE-362 Race Condition
CVE-2017-15588 | cpe:2.3:o:xen:xen:4.9.0:*
Update date 2024-11-21 12:14 | Published date 2017-10-18

207 | CVSS3 5.5 | CVSS2 4.9 | MEDIUM | Local
Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no …
CWE-772 Missing Release of Resource after Effective Lifetime
CVE-2017-14431 | cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.6.5:*, cpe…
Update date 2024-11-21 12:12 | Published date 2017-09-14

208 | CVSS3 8.8 | CVSS2 7.2 | HIGH | Local
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accou…
NVD-CWE-noinfo
CVE-2017-14319 | cpe:2.3:o:xen:xen:*:* 4.9.0
Update date 2024-11-21 12:12 | Published date 2017-09-13

209 | CVSS3 5.6 | CVSS2 4.7 | MEDIUM | Local
A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xens…
CWE-362 Race Condition
CVE-2017-14317 | cpe:2.3:o:xen:xen:*:* 4.9.0
Update date 2024-11-21 12:12 | Published date 2017-09-13

210 | CVSS3 8.8 | CVSS2 7.2 | HIGH | Local
A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memf…
CWE-125 Out-of-bounds Read
CVE-2017-14316 | cpe:2.3:o:xen:xen:*:* 4.9.0
Update date 2024-11-21 12:12 | Published date 2017-09-13