Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


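List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 241 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 242 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 243 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 244 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 245 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 246 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 247 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 248 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 249 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 250 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 251 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 252 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 253 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 254 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 255 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 256 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 257 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 258 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 259 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 260 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 261 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 262 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 263 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 264 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 265 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |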
NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (version bound: or higher / or less / more than / less than), Update date, Published date
No: 241
CVSS3: 7.8
CVSS2: 4.6
Level: HIGH
Attack Vector: Local
Title: Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-10013
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.8.0
Update date: 2024-11-21 11:43
Published date: 2017-01-27
No: 242
CVSS3: 6.0
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical add…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-9385
cpe23Uri:
cpe:2.3:o:xen:xen:4.7.1:*
cpe:2.3:o:xen:xen:4.7.0:*
cpe:2.3:o:xen:xen:4.6.4:*
cpe:2.3:o:xen:xen:4.6.3:*
cpe…
Update date: 2024-11-21 12:01
Published date: 2017-01-24
No: 243
CVSS3: 7.8
CVSS2: 4.6
Level: HIGH
Attack Vector: Local
Title: Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a gue…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-9382
cpe23Uri:
cpe:2.3:o:xen:xen:4.7.1:*
cpe:2.3:o:xen:xen:4.7.0:*
cpe:2.3:o:xen:xen:4.6.4:*
cpe:2.3:o:xen:xen:4.6.3:*
cpe…
Update date: 2024-11-21 12:01
Published date: 2017-01-24
No: 244
CVSS3: 6.3
CVSS2: 3.3
Level: MEDIUM
Attack Vector: Local
Title: Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which allows local x86 HVM guest OS users to read or modify FPU, MMX, or XMM register state information belonging to arbitrary tasks o…
CWE: CWE-362 Race Condition
CVE: CVE-2016-7777
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.7.0
Update date: 2024-11-21 11:58
Published date: 2016-10-7
No: 245
CVSS3: 6.7
CVSS2: 7.2
Level: MEDIUM
Attack Vector: Local
Title: Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain s…
CWE: CWE-416 Use After Free
CVE: CVE-2016-7154
cpe23Uri:
cpe:2.3:o:xen:xen:4.4.4:*
cpe:2.3:o:xen:xen:4.4.3:*
cpe:2.3:o:xen:xen:4.4.2:*
cpe:2.3:o:xen:xen:4.4.1:*
cpe…
Update date: 2024-11-21 11:57
Published date: 2016-09-21
No: 246
CVSS3: 4.1
CVSS2: 1.5
Level: MEDIUM
Attack Vector: Local
Title: Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2016-7094
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.7.0
Update date: 2024-11-21 11:57
Published date: 2016-09-21
No: 247
CVSS3: 8.2
CVSS2: 7.2
Level: HIGH
Attack Vector: Local
Title: Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-7093
cpe23Uri:
cpe:2.3:o:xen:xen:4.7.0:*
cpe:2.3:o:xen:xen:4.6.3:*
cpe:2.3:o:xen:xen:4.5.3:*
Update date: 2024-11-21 11:57
Published date: 2016-09-21
No: 248
CVSS3: 8.2
CVSS2: 6.8
Level: HIGH
Attack Vector: Local
Title: The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables.
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-7092
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 11:57
Published date: 2016-09-21
No: 249
CVSS3: 6.2
CVSS2: 4.9
Level: MEDIUM
Attack Vector: Local
Title: Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial …
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-6259
cpe23Uri:
cpe:2.3:o:xen:xen:4.7.0:*
cpe:2.3:o:xen:xen:4.6.3:*
cpe:2.3:o:xen:xen:4.6.1:*
cpe:2.3:o:xen:xen:4.6.0:*
cpe…
Update date: 2024-11-21 11:55
Published date: 2016-08-3
No: 250
CVSS3: 8.8
CVSS2: 7.2
Level: HIGH
Attack Vector: Local
Title: The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
CWE: CWE-284 Improper Access Control
CVE: CVE-2016-6258
cpe23Uri:
cpe:2.3:o:xen:xen:4.7.0:*
cpe:2.3:o:xen:xen:4.6.3:*
cpe:2.3:o:xen:xen:4.6.1:*
cpe:2.3:o:xen:xen:4.6.0:*
cpe…
Update date: 2024-11-21 11:55
Published date: 2016-08-3