Software Detail
Xen: Number Of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


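List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 301 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 302 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 303 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 304 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 305 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 306 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 307 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 308 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 309 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 310 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 311 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 312 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 313 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 314 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 315 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 316 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 317 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 318 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 319 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 320 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 321 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 322 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 323 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 324 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 325 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
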
NVD Vulnerability Information

301. CVE-2015-2152 | CVSS3: - | CVSS2: 1.9 | Level: LOW
Title: Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access…
CWE: CWE-264 Permissions, Privileges, and Access Controls
cpe23Uri: cpe:2.3:o:xen:xen:*:*, version bound 4.5.0
Update date: 2024-11-21 11:26
Published date: 2015-03-19

302. CVE-2015-2151 | CVSS3: - | CVSS2: 7.2 | Level: HIGH
Title: The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a…
CWE: CWE-264 Permissions, Privileges, and Access Controls
cpe23Uri: cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c…
Update date: 2024-11-21 11:26
Published date: 2015-03-12

303. CVE-2015-2150 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable…
CWE: CWE-264 Permissions, Privileges, and Access Controls
cpe23Uri: cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c…
Update date: 2024-11-21 11:26
Published date: 2015-03-12

304. CVE-2015-2045 | CVSS3: - | CVSS2: 2.1 | Level: LOW
Title: The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c…
Update date: 2024-11-21 11:26
Published date: 2015-03-12

305. CVE-2015-2044 | CVSS3: - | CVSS2: 2.1 | Level: LOW
Title: The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involvin…
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c…
Update date: 2024-11-21 11:26
Published date: 2015-03-12

306. CVE-2015-0268 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:o:xen:xen:4.5.0:*
Update date: 2024-11-21 11:22
Published date: 2015-02-17

307. CVE-2015-1563 | CVSS3: - | CVSS2: 2.1 | Level: LOW
Title: The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.
CWE: CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:o:xen:xen:4.5.0:*, cpe:2.3:o:xen:xen:4.4.1:*, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, c…
Update date: 2024-11-21 11:25
Published date: 2015-02-9

308. CVE-2014-6268 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when…
CWE: CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:o:xen:xen:4.4.1:*, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*
Update date: 2024-11-21 11:14
Published date: 2015-01-13

309. CVE-2015-0361 | CVSS3: - | CVSS2: 7.8 | Level: HIGH
Title: Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:o:xen:xen:4.4.1:*, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.3:*, cpe:2.3:o:xen:xen:4.3.2:*, cpe…
Update date: 2024-11-21 11:22
Published date: 2015-01-8

310. CVE-2014-9066 | CVSS3: - | CVSS2: 4.7 | Level: MEDIUM
Title: Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog…
CWE: CWE-17 Code
cpe23Uri: cpe:2.3:o:xen:xen:*:*, version bound 4.4.1
Update date: 2024-11-21 11:20
Published date: 2014-12-10