Software Detail
Xen: Number Of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product
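| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 251 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 252 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 253 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 254 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 255 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 256 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 257 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 258 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 259 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 260 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 261 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 262 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 263 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 264 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 265 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 266 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 267 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 268 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 269 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 270 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 271 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 272 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 273 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 274 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 275 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
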
NVD Vulnerability Information
Fields per entry: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (with version columns: or higher, or less, more than, less than), Update date, Published date

251. CVE-2016-5242
CVSS3: 5.6, CVSS2: 4.7, Level: MEDIUM, Attack Vector: Local
Title: The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS …
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:o:xen:xen:4.6.1:*, cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.3:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe…
Update date: 2024-11-21 11:53
Published date: 2016-06-7

252. CVE-2016-4963
CVSS3: 4.7, CVSS2: 1.9, Level: MEDIUM, Attack Vector: Local
Title: The libxl device-handling in Xen through 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the…
CWE: CWE-284 (Improper Access Control)
cpe23Uri: cpe:2.3:o:xen:xen:4.6.1:*, cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.3:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe…
Update date: 2024-11-21 11:53
Published date: 2016-06-7

253. CVE-2016-4962
CVSS3: 6.7, CVSS2: 6.8, Level: MEDIUM, Attack Vector: Local
Title: The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges…
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
cpe23Uri: cpe:2.3:o:xen:xen:4.6.1:*, cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.3:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe…
Update date: 2024-11-21 11:53
Published date: 2016-06-7

254. CVE-2016-4480
CVSS3: 8.4, CVSS2: 7.2, Level: HIGH, Attack Vector: Local
Title: The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen 4.6.x and earlier does not properly handle the Page Size (PS) page table entry bit at the L4 and L3 page table levels, which might al…
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
cpe23Uri: cpe:2.3:o:xen:xen:*:* (version listed: 4.6.1)
Update date: 2024-11-21 11:52
Published date: 2016-05-18

255. CVE-2016-3960
CVSS3: 8.8, CVSS2: 7.2, Level: HIGH, Attack Vector: Local
Title: Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping.
CWE: CWE-264 (Permissions, Privileges, and Access Controls), NVD-CWE-Other
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 11:51
Published date: 2016-04-19

256. CVE-2016-3961
CVSS3: 5.5, CVSS2: 2.1, Level: MEDIUM, Attack Vector: Local
Title: Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to…
CWE: CWE-20 (Improper Input Validation)
cpe23Uri: cpe:2.3:o:xen:xen:*:* (version listed: 4.5.3)
Update date: 2024-11-21 11:51
Published date: 2016-04-15

257. CVE-2015-8554
CVSS3: 7.5, CVSS2: 6.6, Level: HIGH, Attack Vector: Local
Title: Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a s…
CWE: CWE-119 (Incorrect Access of Indexable Resource ('Range Error'))
cpe23Uri: cpe:2.3:o:xen:xen:*:* (version listed: 4.6.1)
Update date: 2024-11-21 11:38
Published date: 2016-04-14

258. CVE-2015-8550
CVSS3: 8.2, CVSS2: 5.7, Level: HIGH, Attack Vector: Local
Title: Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend…
CWE: CWE-284 (Improper Access Control)
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 11:38
Published date: 2016-04-14

259. CVE-2016-3159
CVSS3: 3.8, CVSS2: 1.7, Level: LOW, Attack Vector: Local
Title: The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensiti…
CWE: CWE-200 (Information Exposure), CWE-284 (Improper Access Control)
cpe23Uri: cpe:2.3:o:xen:xen:*:* (versions listed: 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.3.4, 4.4.4, 4.5.3, 4.6.1)
Update date: 2024-11-21 11:49
Published date: 2016-04-14

260. CVE-2016-3158
CVSS3: 3.8, CVSS2: 1.7, Level: LOW, Attack Vector: Local
Title: The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive …
CWE: CWE-200 (Information Exposure), CWE-284 (Improper Access Control)
cpe23Uri: cpe:2.3:o:xen:xen:*:* (version listed: 4.4.0)
Update date: 2024-11-21 11:49
Published date: 2016-04-14