Software Detail
Xen: Number Of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


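List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
271 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0
272 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0
273 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1
274 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2
275 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2
276 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3
277 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3
278 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4
279 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8
280 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16
281 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25
282 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23
283 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34
284 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3
285 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3
286 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3
287 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3
288 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3
289 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32
290 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28
291 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21
292 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18
293 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15
294 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10
295 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9
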
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date

No 271 | CVSS3: - | CVSS2: 4.7 | Level: MEDIUM
Title: The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host cr…
CWE: CWE-17 Code
CVE: CVE-2015-8340
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.0:*
  cpe:2.3:o:xen:xen:4.5.2:*
  cpe:2.3:o:xen:xen:4.5.1:*
  cpe:2.3:o:xen:xen:4.5.0:*
  cpe…
Update date: 2024-11-21 11:38
Published date: 2015-12-18

No 272 | CVSS3: - | CVSS2: 4.7 | Level: MEDIUM
Title: The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host …
CWE: CWE-19 Data Processing Errors
CVE: CVE-2015-8339
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.0:*
  cpe:2.3:o:xen:xen:4.5.2:*
  cpe:2.3:o:xen:xen:4.5.1:*
  cpe:2.3:o:xen:xen:4.5.0:*
  cpe…
Update date: 2024-11-21 11:38
Published date: 2015-12-18

No 273 | CVSS3: - | CVSS2: 7.2 | Level: HIGH
Title: Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_me…
CWE: CWE-254 7PK - Security Features
CVE: CVE-2015-8338
cpe23Uri: cpe:2.3:o:xen:xen:*:* 4.6.0
Update date: 2024-11-21 11:38
Published date: 2015-12-18

No 274 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multic…
CWE: CWE-254 7PK - Security Features
CVE: CVE-2015-7812
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.0:*
  cpe:2.3:o:xen:xen:4.5.2:*
  cpe:2.3:o:xen:xen:4.5.1:*
  cpe:2.3:o:xen:xen:4.5.0:*
  cpe…
Update date: 2024-11-21 11:37
Published date: 2015-11-18

No 275 | CVSS3: - | CVSS2: 4.7 | Level: MEDIUM
Title: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) excepti…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2015-8104
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.5:*
  cpe:2.3:o:xen:xen:4.6.4:*
  cpe:2.3:o:xen:xen:4.6.2:*
  cpe:2.3:o:xen:xen:4.6.1:*
  cpe…
Update date: 2024-11-21 11:38
Published date: 2015-11-16

No 276 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Chec…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2015-5307
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.6:*
  cpe:2.3:o:xen:xen:4.6.5:*
  cpe:2.3:o:xen:xen:4.6.4:*
  cpe:2.3:o:xen:xen:4.6.3:*
  cpe…
Update date: 2024-11-21 11:32
Published date: 2015-11-16

No 277 | CVSS3: - | CVSS2: 2.1 | Level: LOW
Title: The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size whe…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2015-7972
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.0:*
  cpe:2.3:o:xen:xen:4.5.1:*
  cpe:2.3:o:xen:xen:4.5.0:*
  cpe:2.3:o:xen:xen:4.4.1:-
  cpe…
Update date: 2024-11-21 11:37
Published date: 2015-10-31

No 278 | CVSS3: - | CVSS2: 2.1 | Level: LOW
Title: Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence o…
CWE: CWE-19 Data Processing Errors
CVE: CVE-2015-7971
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.0:*
  cpe:2.3:o:xen:xen:4.5.1:*
  cpe:2.3:o:xen:xen:4.5.0:*
  cpe:2.3:o:xen:xen:4.4.1:-
  cpe…
Update date: 2024-11-21 11:37
Published date: 2015-10-31

No 279 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU cons…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2015-7970
cpe23Uri:
  cpe:2.3:o:xen:xen:3.4.4:*
  cpe:2.3:o:xen:xen:3.4.3:*
  cpe:2.3:o:xen:xen:3.4.2:*
  cpe:2.3:o:xen:xen:3.4.1:*
  cpe…
Update date: 2024-11-21 11:37
Published date: 2015-10-31

No 280 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" …
CWE: CWE-399 Resource Management Errors
CVE: CVE-2015-7969
cpe23Uri:
  cpe:2.3:o:xen:xen:4.6.0:*
  cpe:2.3:o:xen:xen:4.5.1:*
  cpe:2.3:o:xen:xen:4.5.0:*
  cpe:2.3:o:xen:xen:4.4.1:-
  cpe…
Update date: 2024-11-21 11:37
Published date: 2015-10-31