Software Detail
Xen: Number Of NVD 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product

| No | Name | Latest Version | Release date | Initial release | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|
| 321 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | 0 | 1 | 0 | 0 |
| 322 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | 0 | 1 | 0 | 0 |
| 323 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | 0 | 4 | 3 | 1 |
| 324 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | 0 | 3 | 5 | 2 |
| 325 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | 0 | 11 | 9 | 2 |
| 326 | Xen 4.9 | 4.9.4 | | | 3 | 55 | 66 | 3 |
| 327 | Xen 4.8 | 4.8.5 | | | 10 | 58 | 68 | 3 |
| 328 | Xen 4.7 | 4.7.6 | | | 12 | 57 | 73 | 4 |
| 329 | Xen 4.6 | 4.6.6 | | | 11 | 62 | 82 | 8 |
| 330 | Xen 4.5 | 4.5.5 | | | 11 | 67 | 87 | 16 |
| 331 | Xen 4.4 | 4.4.4 | | | 11 | 67 | 98 | 25 |
| 332 | Xen 4.3 | 4.3.4 | | | 11 | 68 | 99 | 23 |
| 333 | Xen 4.2 | 4.2.5 | | | 11 | 70 | 126 | 34 |
| 334 | Xen 4.14 | 4.14.3 | | | 0 | 21 | 30 | 3 |
| 335 | Xen 4.13 | 4.13.4 | | | 0 | 26 | 37 | 3 |
| 336 | Xen 4.12 | 4.12.4 | | | 1 | 30 | 46 | 3 |
| 337 | Xen 4.11 | 4.11.4 | | | 1 | 45 | 53 | 3 |
| 338 | Xen 4.10 | 4.10.4 | | | 2 | 43 | 57 | 3 |
| 339 | Xen 4.1 | 4.1.6.1 | | | 11 | 74 | 122 | 32 |
| 340 | Xen 4.0 | 4.0.4 | | | 11 | 64 | 104 | 28 |
| 341 | Xen 3.4 | 3.4.4 | | | 11 | 58 | 84 | 21 |
| 342 | Xen 3.3 | 3.3.2 | | | 11 | 53 | 82 | 18 |
| 343 | Xen 3.2 | 3.2.3 | | | 11 | 52 | 76 | 15 |
| 344 | Xen 3.1 | 3.1.4 | | | 11 | 44 | 71 | 10 |
| 345 | Xen 3.0 | 3.0.4 | | | 11 | 44 | 70 | 9 |

NVD Vulnerability Information
Fields: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, Update date, Published date

No: 321
CVE: CVE-2014-7154
CVSS3: -  CVSS2: 6.1  Level: MEDIUM
Title: Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a d…
CWE: CWE-362 Race Condition
cpe23Uri: cpe:2.3:o:xen:xen:4.4.1:-, cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.1:*, c…
Update date: 2024-11-21 11:16
Published date: 2014-10-2

No: 322
CVE: CVE-2014-5147
CVSS3: -  CVSS2: 4.3  Level: MEDIUM
Title: Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of …
CWE: CWE-264 Permissions, Privileges, and Access Controls
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*
Update date: 2024-11-21 11:11
Published date: 2014-08-30

No: 323
CVE: CVE-2014-5149
CVSS3: -  CVSS2: 4.7  Level: MEDIUM
Title: Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by in…
CWE: CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe…
Update date: 2024-11-21 11:11
Published date: 2014-08-22

No: 324
CVE: CVE-2014-5146
CVSS3: -  CVSS2: 4.7  Level: MEDIUM
Title: Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a de…
CWE: CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe…
Update date: 2024-11-21 11:11
Published date: 2014-08-22

No: 325
CVE: CVE-2014-4022
CVSS3: -  CVSS2: 2.7  Level: LOW
Title: The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, when running on an ARM platform, does not properly initialize the structure containing the grant table pages for a domain, which al…
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*
Update date: 2024-11-21 11:09
Published date: 2014-07-9

No: 326
CVE: CVE-2014-4021
CVSS3: -  CVSS2: 2.7  Level: LOW
Title: Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, c…
Update date: 2024-11-21 11:09
Published date: 2014-06-19

No: 327
CVE: CVE-2014-3969
CVSS3: -  CVSS2: 7.4  Level: HIGH
Title: Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors.
CWE: CWE-264 Permissions, Privileges, and Access Controls
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*
Update date: 2024-11-21 11:09
Published date: 2014-06-6

No: 328
CVE: CVE-2014-3968
CVSS3: -  CVSS2: 5.5  Level: MEDIUM
Title: The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an e…
CWE: NVD-CWE-noinfo
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, c…
Update date: 2024-11-21 11:09
Published date: 2014-06-6

No: 329
CVE: CVE-2014-3967
CVSS3: -  CVSS2: 5.5  Level: MEDIUM
Title: The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of servic…
CWE: NVD-CWE-Other
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*, cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, c…
Update date: 2024-11-21 11:09
Published date: 2014-06-6

No: 330
CVE: CVE-2014-3717
CVSS3: -  CVSS2: 3.3  Level: LOW
Title: Xen 4.4.x does not properly validate the load address for 64-bit ARM guest kernels, which allows local users to read system memory or cause a denial of service (crash) via a crafted kernel, which tri…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:o:xen:xen:4.4.0:rc1, cpe:2.3:o:xen:xen:4.4.0:*
Update date: 2024-11-21 11:08
Published date: 2014-05-19