Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


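List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 211 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 212 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 213 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 214 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 215 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 216 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 217 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 218 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 219 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 220 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 221 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 222 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 223 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 224 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 225 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 226 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 227 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 228 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 229 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 230 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 231 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 232 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 233 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 234 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 235 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
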
NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (with version bound: or higher / or less / more than / less than), Update date, Published date.

No: 211
CVSS3: 6.5
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gnttab_cache_flush` handles GNTTABOP_cache_flush grant table operations. It checks to see if the calling domain is the owner of the…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2017-14318
cpe23Uri: cpe:2.3:o:xen:xen:4.9.0:*, cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.3:*, cpe…
Update date: 2024-11-21 12:12
Published date: 2017-09-13

No: 212
CVSS3: 7.8
CVSS2: 6.9
Level: HIGH
Attack Vector: Local
Title: Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the hos…
CWE: CWE-362 Race Condition
CVE: CVE-2017-12136
cpe23Uri: cpe:2.3:o:xen:xen:4.9.0:*, cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.3:*, cpe…
Update date: 2024-11-21 12:08
Published date: 2017-08-24

No: 213
CVSS3: 6.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform the guest that a grant is in use. A guest is expected not to modify the grant details while it is in use, whereas the guest is fre…
CWE: CWE-200 Information Exposure
CVE: CVE-2017-12855
cpe23Uri: cpe:2.3:o:xen:xen:4.9.0:*, cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.3:*, cpe…
Update date: 2024-11-21 12:10
Published date: 2017-08-16

No: 214
CVSS3: 6.5
CVSS2: 5.0
Level: MEDIUM
Attack Vector: Network
Title: Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.
CWE: CWE-20 Improper Input Validation
CVE: CVE-2017-10923
cpe23Uri: cpe:2.3:o:xen:xen:4.8.1:*, cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.6.5:*, cpe…
Update date: 2024-11-21 12:06
Published date: 2017-07-05

No: 215
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: The grant-table feature in Xen through 4.8.x mishandles MMIO region grant references, which allows guest OS users to cause a denial of service (loss of grant trackability), aka XSA-224 bug 3.
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2017-10922
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.1
Update date: 2024-11-21 12:06
Published date: 2017-07-05

No: 216
CVSS3: 10.0
CVSS2: 10.0
Level: CRITICAL
Attack Vector: Network
Title: The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (coun…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2017-10921
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.1
Update date: 2024-11-21 12:06
Published date: 2017-07-05

No: 217
CVSS3: 10.0
CVSS2: 10.0
Level: CRITICAL
Attack Vector: Network
Title: The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a deni…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2017-10920
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.1
Update date: 2024-11-21 12:06
Published date: 2017-07-05

No: 218
CVSS3: 6.5
CVSS2: 5.0
Level: MEDIUM
Attack Vector: Network
Title: Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.
CWE: NVD-CWE-noinfo
CVE: CVE-2017-10919
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.1
Update date: 2024-11-21 12:06
Published date: 2017-07-05

No: 219
CVSS3: 10.0
CVSS2: 10.0
Level: CRITICAL
Attack Vector: Network
Title: Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
CWE: CWE-20 Improper Input Validation
CVE: CVE-2017-10918
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.1
Update date: 2024-11-21 12:06
Published date: 2017-07-05

No: 220
CVSS3: 9.1
CVSS2: 9.4
Level: CRITICAL
Attack Vector: Network
Title: Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly o…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2017-10917
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.1
Update date: 2024-11-21 12:06
Published date: 2017-07-05