Software Detail
Xen
Number of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

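List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 291 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 292 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 293 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 294 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 295 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 296 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 297 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 298 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 299 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 300 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 301 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 302 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 303 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 304 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 305 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 306 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 307 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 308 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 309 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 310 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 311 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 312 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 313 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 314 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 315 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
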
NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 291 | - | 4.9 | MEDIUM | | GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hyperca… | NVD-CWE-Other | CVE-2015-4163 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c… | 2024-11-21 11:30 | 2015-06-16 |
| 292 | - | 4.9 | MEDIUM | | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operation… | CWE-399 Resource Management Errors | CVE-2015-4105 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.4:*, cpe… | 2024-11-21 11:30 | 2015-06-4 |
| 293 | - | 7.8 | HIGH | | Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecifi… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-4104 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.4:*, cpe… | 2024-11-21 11:30 | 2015-06-4 |
| 294 | - | 4.9 | MEDIUM | | Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handli… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-4103 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.4:*, cpe… | 2024-11-21 11:30 | 2015-06-4 |
| 295 | - | 7.7 | HIGH | | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2015-3456 | cpe:2.3:o:xen:xen:4.5.0:* | 2024-11-21 11:29 | 2015-05-14 |
| 296 | - | 2.9 | LOW | | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_g… | CWE-200 Information Exposure | CVE-2015-3340 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.2:*, cpe:2.3:o:xen:xen:4.4.1:*, cpe:2.3:o:xen:xen:4.4.0:*, cpe… | 2024-11-21 11:29 | 2015-04-28 |
| 297 | - | 2.1 | LOW | | drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows … | CWE-200 Information Exposure | CVE-2015-0777 | cpe:2.3:o:xen:xen:3.4.4:*, cpe:2.3:o:xen:xen:3.4.3:*, cpe:2.3:o:xen:xen:3.4.2:*, cpe:2.3:o:xen:xen:3.4.1:*, cpe… | 2024-11-21 11:23 | 2015-04-6 |
| 298 | - | 4.9 | MEDIUM | | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2015-2756 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.2:*, cpe… | 2024-11-21 11:28 | 2015-04-1 |
| 299 | - | 4.9 | MEDIUM | | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host… | CWE-20 Improper Input Validation | CVE-2015-2752 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.2:*, cpe… | 2024-11-21 11:27 | 2015-04-1 |
| 300 | - | 7.1 | HIGH | | Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | CWE-17 Code | CVE-2015-2751 | cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c… | 2024-11-21 11:27 | 2015-04-1 |