Software Detail
Xen
Number Of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

List Of Product

| No | Name | Latest Version | Release date | Initial release | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|
| 261 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | 0 | 1 | 0 | 0 |
| 262 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | 0 | 1 | 0 | 0 |
| 263 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | 0 | 4 | 3 | 1 |
| 264 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | 0 | 3 | 5 | 2 |
| 265 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | 0 | 11 | 9 | 2 |
| 266 | Xen 4.9 | 4.9.4 | | | 3 | 55 | 66 | 3 |
| 267 | Xen 4.8 | 4.8.5 | | | 10 | 58 | 68 | 3 |
| 268 | Xen 4.7 | 4.7.6 | | | 12 | 57 | 73 | 4 |
| 269 | Xen 4.6 | 4.6.6 | | | 11 | 62 | 82 | 8 |
| 270 | Xen 4.5 | 4.5.5 | | | 11 | 67 | 87 | 16 |
| 271 | Xen 4.4 | 4.4.4 | | | 11 | 67 | 98 | 25 |
| 272 | Xen 4.3 | 4.3.4 | | | 11 | 68 | 99 | 23 |
| 273 | Xen 4.2 | 4.2.5 | | | 11 | 70 | 126 | 34 |
| 274 | Xen 4.14 | 4.14.3 | | | 0 | 21 | 30 | 3 |
| 275 | Xen 4.13 | 4.13.4 | | | 0 | 26 | 37 | 3 |
| 276 | Xen 4.12 | 4.12.4 | | | 1 | 30 | 46 | 3 |
| 277 | Xen 4.11 | 4.11.4 | | | 1 | 45 | 53 | 3 |
| 278 | Xen 4.10 | 4.10.4 | | | 2 | 43 | 57 | 3 |
| 279 | Xen 4.1 | 4.1.6.1 | | | 11 | 74 | 122 | 32 |
| 280 | Xen 4.0 | 4.0.4 | | | 11 | 64 | 104 | 28 |
| 281 | Xen 3.4 | 3.4.4 | | | 11 | 58 | 84 | 21 |
| 282 | Xen 3.3 | 3.3.2 | | | 11 | 53 | 82 | 18 |
| 283 | Xen 3.2 | 3.2.3 | | | 11 | 52 | 76 | 15 |
| 284 | Xen 3.1 | 3.1.4 | | | 11 | 44 | 71 | 10 |
| 285 | Xen 3.0 | 3.0.4 | | | 11 | 44 | 70 | 9 |

NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date

No: 261
CVSS3: 8.6
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains …
CWE: CWE-200 Information Exposure
CVE: CVE-2015-8555
cpe23Uri: cpe:2.3:o:xen:xen:4.6.1:*, cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.3:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe…
Update date: 2024-11-21 11:38
Published date: 2016-04-14

No: 262
CVSS3: 6.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists …
CWE: CWE-200 Information Exposure
CVE: CVE-2015-8553
cpe23Uri: cpe:2.3:o:xen:xen:-:*
Update date: 2024-11-21 11:38
Published date: 2016-04-14

No: 263
CVSS3: 4.4
CVSS2: 1.7
Level: MEDIUM
Attack Vector: Local
Title: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messag…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2015-8552
cpe23Uri: cpe:2.3:o:xen:xen:4.3.4:*, cpe:2.3:o:xen:xen:4.3.3:*, cpe:2.3:o:xen:xen:4.3.2:*, cpe:2.3:o:xen:xen:4.3.1:*, cpe…
Update date: 2024-11-21 11:38
Published date: 2016-04-14

No: 264
CVSS3: 7.8
CVSS2: 7.2
Level: HIGH
Attack Vector: Local
Title: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-3157
cpe23Uri: cpe:2.3:o:xen:xen:4.0.0:*
Update date: 2024-11-21 11:49
Published date: 2016-04-13

No: 265
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP.
CWE: NVD-CWE-Other
CVE: CVE-2016-2271
cpe23Uri: cpe:2.3:o:xen:xen:4.6.1:*, cpe:2.3:o:xen:xen:4.6.0:*
Update date: 2024-11-21 11:48
Published date: 2016-02-20

No: 266
CVSS3: 6.8
CVSS2: 4.6
Level: MEDIUM
Attack Vector: Network
Title: Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-2270
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.6.1
Update date: 2024-11-21 11:48
Published date: 2016-02-20

No: 267
CVSS3: 6.3
CVSS2: 4.7
Level: MEDIUM
Attack Vector: Network
Title: The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of…
CWE: CWE-17 Code
CVE: CVE-2016-1571
cpe23Uri: cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe:2.3:o:xen:xen:4.5.1:*, cpe:2.3:o:xen:xen:4.5.0:*, cpe…
Update date: 2024-11-21 11:46
Published date: 2016-01-23

No: 268
CVSS3: 8.5
CVSS2: 6.9
Level: HIGH
Attack Vector: Network
Title: The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or hav…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2016-1570
cpe23Uri: cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe:2.3:o:xen:xen:4.5.1:*, cpe:2.3:o:xen:xen:4.5.0:*, cpe…
Update date: 2024-11-21 11:46
Published date: 2016-01-23

No: 269
CVSS3: 5.0
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Network
Title: The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to …
CWE: CWE-254 7PK - Security Features
CVE: CVE-2015-8615
cpe23Uri: cpe:2.3:o:xen:xen:4.6.0:*
Update date: 2024-11-21 11:38
Published date: 2016-01-9

No: 270
CVSS3: -
CVSS2: 7.8
Level: HIGH
Title: The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allow…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2015-8341
cpe23Uri: cpe:2.3:o:xen:xen:4.6.0:*, cpe:2.3:o:xen:xen:4.5.2:*, cpe:2.3:o:xen:xen:4.5.1:*, cpe:2.3:o:xen:xen:4.5.0:*, cpe…
Update date: 2024-11-21 11:38
Published date: 2015-12-18