Software Detail
Xen
Number of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The hypervisor layer supports one or more guest operating systems and schedules them on the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default it is started automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The guests managed in this way are called "domain U" (domU) in Xen jargon, where U stands for user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


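List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 281 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 282 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 283 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 284 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 285 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 286 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 287 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 288 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 289 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 290 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 291 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 292 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 293 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 294 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 295 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 296 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 297 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 298 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 299 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 300 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 301 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 302 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 303 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 304 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 305 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
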
NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri (or higher / or less / more than / less than) | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 281 | - | 7.2 | HIGH | | The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted … | CWE-264 (Permissions, Privileges, and Access Controls), CWE-20 (Improper Input Validation) | CVE-2015-7835 | `cpe:2.3:o:xen:xen:4.6.0:*`, `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:4.5.0:*`, `cpe:2.3:o:xen:xen:4.4.1:-`, cpe… | 2024-11-21 11:37 | 2015-10-31 |
| 282 | - | 4.7 | MEDIUM | | Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vecto… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')), CWE-362 (Race Condition) | CVE-2015-7814 | `cpe:2.3:o:xen:xen:*:*` 4.6.0 | 2024-11-21 11:37 | 2015-10-31 |
| 283 | - | 2.1 | LOW | | Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) … | CWE-399 (Resource Management Errors) | CVE-2015-7813 | `cpe:2.3:o:xen:xen:4.6.0:*`, `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:4.5.0:*`, `cpe:2.3:o:xen:xen:4.4.1:-`, cpe… | 2024-11-21 11:37 | 2015-10-31 |
| 284 | - | 3.6 | LOW | | libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image. | CWE-17 (Code) | CVE-2015-7311 | `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:4.5.0:*`, `cpe:2.3:o:xen:xen:4.4.1:-`, `cpe:2.3:o:xen:xen:4.4.0:rc1`, c… | 2024-11-21 11:36 | 2015-10-2 |
| 285 | - | 2.1 | LOW | | The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a for… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2015-6654 | `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:4.5.0:*`, `cpe:2.3:o:xen:xen:4.4.0:*` | 2024-11-21 11:35 | 2015-09-3 |
| 286 | - | 7.2 | HIGH | | Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twi… | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2015-5166 | `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:*:*` 4.5.0 | 2024-11-21 11:32 | 2015-08-12 |
| 287 | - | 9.3 | HIGH | | The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors. | CWE-908 (Use of Uninitialized Resource) | CVE-2015-5165 | `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:*:*` 4.5.0 | 2024-11-21 11:32 | 2015-08-12 |
| 288 | - | 7.2 | HIGH | | Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2015-5154 | `cpe:2.3:o:xen:xen:4.5.1:*`, `cpe:2.3:o:xen:xen:*:*` 4.5.0 | 2024-11-21 11:32 | 2015-08-12 |
| 289 | - | 6.8 | MEDIUM | | Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. | CWE-264 (Permissions, Privileges, and Access Controls) | CVE-2015-3259 | `cpe:2.3:o:xen:xen:4.5.0:*`, `cpe:2.3:o:xen:xen:4.4.2:*`, `cpe:2.3:o:xen:xen:4.4.1:*`, `cpe:2.3:o:xen:xen:4.4.0:rc1`, c… | 2024-11-21 11:29 | 2015-07-16 |
| 290 | - | 4.9 | MEDIUM | | The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via … | CWE-399 (Resource Management Errors) | CVE-2015-4164 | `cpe:2.3:o:xen:xen:4.5.0:*`, `cpe:2.3:o:xen:xen:4.4.1:-`, `cpe:2.3:o:xen:xen:4.4.0:rc1`, `cpe:2.3:o:xen:xen:4.4.0:*`, c… | 2024-11-21 11:30 | 2015-06-16 |