Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


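List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 231 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 232 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 233 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 234 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 235 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 236 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 237 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 238 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 239 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 240 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 241 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 242 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 243 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 244 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 245 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 246 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 247 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 248 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 249 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 250 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 251 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 252 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 253 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 254 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 255 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
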
NVD Vulnerability Information

No: 231
CVE: CVE-2016-9818
CVSS3: 6.5
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*
Update date: 2024-11-21 12:01
Published date: 2017-02-28

No: 232
CVE: CVE-2016-9817
CVSS3: 6.5
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*
Update date: 2024-11-21 12:01
Published date: 2017-02-28

No: 233
CVE: CVE-2016-9816
CVSS3: 6.5
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*
Update date: 2024-11-21 12:01
Published date: 2017-02-28

No: 234
CVE: CVE-2016-9815
CVSS3: 6.5
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*
Update date: 2024-11-21 12:01
Published date: 2017-02-28

No: 235
CVE: CVE-2016-9384
CVSS3: 6.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*
Update date: 2024-11-21 12:01
Published date: 2017-02-23

No: 236
CVE: CVE-2016-9378
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest cra…
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*, cpe:2.3:o:xen:xen:4.6.4:*, cpe:2.3:o:xen:xen:4.6.3:*, cpe…
Update date: 2024-11-21 12:01
Published date: 2017-02-23

No: 237
CVE: CVE-2016-9377
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest cra…
CWE: CWE-682 Incorrect Calculation
cpe23Uri: cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*, cpe:2.3:o:xen:xen:4.6.4:*, cpe:2.3:o:xen:xen:4.6.3:*, cpe…
Update date: 2024-11-21 12:01
Published date: 2017-02-23

No: 238
CVE: CVE-2016-9932
CVSS3: 3.3
CVSS2: 2.1
Level: LOW
Attack Vector: Local
Title: CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:o:xen:xen:4.7.0:*, cpe:2.3:o:xen:xen:4.6.3:*, cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.5:*, cpe…
Update date: 2024-11-21 12:02
Published date: 2017-01-27

No: 239
CVE: CVE-2016-10025
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging …
CWE: CWE-476 NULL Pointer Dereference
cpe23Uri: cpe:2.3:o:xen:xen:4.8.0:*, cpe:2.3:o:xen:xen:4.7.1:*, cpe:2.3:o:xen:xen:4.7.0:*, cpe:2.3:o:xen:xen:4.6.4:*, cpe…
Update date: 2024-11-21 11:43
Published date: 2017-01-27

No: 240
CVE: CVE-2016-10024
CVSS3: 6.0
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kern…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.0
Update date: 2024-11-21 11:43
Published date: 2017-01-27