Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


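List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low
311 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0
312 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0
313 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1
314 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2
315 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2
316 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3
317 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3
318 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4
319 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8
320 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16
321 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25
322 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23
323 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34
324 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3
325 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3
326 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3
327 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3
328 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3
329 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32
330 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28
331 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21
332 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18
333 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15
334 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10
335 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9
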
NVD Vulnerability Information
No | CVSS3 / CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri (or higher / or less / more than / less than) | Update date / Published date | Exploit PoC

No: 311 | CVSS3: - | CVSS2: 4.4 | Level: MEDIUM
Title: common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and hos…
CWE: CWE-17 (Code)
CVE: CVE-2014-9065
cpe23Uri: cpe:2.3:o:xen:xen:*:* (version bound: 4.4.1)
Update date: 2024-11-21 11:20
Published date: 2014-12-10

No: 312 | CVSS3: - | CVSS2: 4.9 | Level: MEDIUM
Title: The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM…
CWE: CWE-17 (Code)
CVE: CVE-2014-8867
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.1:*
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:3.2.3:*
  cpe:2.3:o:xen:xen:3.2.2:*
  cpe…
  (version bound: 3.2.0)
Update date: 2024-11-21 11:19
Published date: 2014-12-2

No: 313 | CVSS3: - | CVSS2: 4.7 | Level: MEDIUM
Title: The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vec…
CWE: CWE-17 (Code)
CVE: CVE-2014-8866
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.0:rc1
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:4.3.1:*
  cpe:2.3:o:xen:xen:4.3.0:*
  c…
Update date: 2024-11-21 11:19
Published date: 2014-12-2

No: 314 | CVSS3: - | CVSS2: 7.1 | Level: HIGH
Title: The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an…
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-2014-9030
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.1:*
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:4.3.1:*
  cpe:2.3:o:xen:xen:4.3.0:*
  cpe…
Update date: 2024-11-21 11:20
Published date: 2014-11-25

No: 315 | CVSS3: - | CVSS2: 1.9 | Level: LOW
Title: arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a craf…
CWE: CWE-17 (Code)
CVE: CVE-2014-8595
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:4.3.1:*
  cpe:2.3:o:xen:xen:4.3.0:*
  cpe:2.3:o:xen:xen:4.2.3:*
  cpe…
Update date: 2024-11-21 11:19
Published date: 2014-11-20

No: 316 | CVSS3: - | CVSS2: 5.4 | Level: MEDIUM
Title: The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointe…
CWE: CWE-20 (Improper Input Validation)
CVE: CVE-2014-8594
cpe23Uri:
  cpe:2.3:o:xen:xen:4.3.1:*
  cpe:2.3:o:xen:xen:4.3.0:*
  cpe:2.3:o:xen:xen:4.2.3:*
  cpe:2.3:o:xen:xen:4.2.2:*
  cpe…
Update date: 2024-11-21 11:19
Published date: 2014-11-20

No: 317 | CVSS3: - | CVSS2: 4.6 | Level: MEDIUM
Title: Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an in…
CWE: CWE-119 (Incorrect Access of Indexable Resource ('Range Error'))
CVE: CVE-2014-5148
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:-
Update date: 2024-11-21 11:11
Published date: 2014-10-27

No: 318 | CVSS3: - | CVSS2: 8.3 | Level: HIGH
Title: The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host cr…
CWE: CWE-399 (Resource Management Errors)
CVE: CVE-2014-7188
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.1:-
  cpe:2.3:o:xen:xen:4.4.0:rc1
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:4.3.1:*
  c…
Update date: 2024-11-21 11:16
Published date: 2014-10-2

No: 319 | CVSS3: - | CVSS2: 3.3 | Level: LOW
Title: The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allo…
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
CVE: CVE-2014-7156
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.1:-
  cpe:2.3:o:xen:xen:4.4.0:rc1
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:4.3.1:*
  c…
Update date: 2024-11-21 11:16
Published date: 2014-10-2

No: 320 | CVSS3: - | CVSS2: 5.8 | Level: MEDIUM
Title: The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service …
CWE: CWE-264 (Permissions, Privileges, and Access Controls)
CVE: CVE-2014-7155
cpe23Uri:
  cpe:2.3:o:xen:xen:4.4.0:rc1
  cpe:2.3:o:xen:xen:4.4.0:*
  cpe:2.3:o:xen:xen:4.3.1:*
  cpe:2.3:o:xen:xen:4.3.0:*
  c…
  (version bound: 4.4.0)
Update date: 2024-11-21 11:16
Published date: 2014-10-2