Software Detail
Xen
Number of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


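List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 331 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 332 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 333 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 334 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 335 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 336 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 337 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 338 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 339 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 340 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 341 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 342 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 343 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 344 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 345 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 346 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 347 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 348 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 349 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 350 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 351 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 352 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 353 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 354 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 355 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
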
NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 331 | - | 1.9 | LOW | | Xen 4.4.x does not properly check alignment, which allows local users to cause a denial of service (crash) via an unspecified field in a DTB header in a 32-bit guest kernel. | CWE-20 Improper Input Validation | CVE-2014-3716 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:* | 2024-11-21 11:08 | 2014-05-19 |
| 332 | - | 3.3 | LOW | | Buffer overflow in Xen 4.4.x allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit guest kernel, related to searching for an appended DTB. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-3715 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:* | 2024-11-21 11:08 | 2014-05-19 |
| 333 | - | 3.3 | LOW | | The ARM image loading functionality in Xen 4.4.x does not properly validate kernel length, which allows local users to read system memory or cause a denial of service (crash) via a crafted 32-bit ARM… | CWE-20 Improper Input Validation | CVE-2014-3714 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:* | 2024-11-21 11:08 | 2014-05-19 |
| 334 | - | 6.7 | MEDIUM | | The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separa… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3124 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:*; cpe:2.3:o:xen:xen:4.3.1:*; cpe:2.3:o:xen:xen:4.3.0:*; c… | 2024-11-21 11:07 | 2014-05-7 |
| 335 | - | 6.2 | MEDIUM | | Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash)… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3125 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:* | 2024-11-21 11:07 | 2014-05-2 |
| 336 | - | 5.5 | MEDIUM | | The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denia… | CWE-20 Improper Input Validation | CVE-2014-2986 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:* | 2024-11-21 11:07 | 2014-04-28 |
| 337 | - | 5.5 | MEDIUM | | Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vecto… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-2915 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.4.0:* | 2024-11-21 11:07 | 2014-04-24 |
| 338 | - | 4.4 | MEDIUM | | The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" e… | CWE-399 Resource Management Errors | CVE-2014-2580 | cpe:2.3:o:xen:xen:-:* | 2024-11-21 11:06 | 2014-04-16 |
| 339 | - | 4.9 | MEDIUM | | The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore … | CWE-20 Improper Input Validation | CVE-2014-1896 | cpe:2.3:o:xen:xen:4.4.0:rc1; cpe:2.3:o:xen:xen:4.3.1:*; cpe:2.3:o:xen:xen:4.3.0:*; cpe:2.3:o:xen:xen:4.2.3:*; c… | 2024-11-21 11:05 | 2014-04-1 |
| 340 | - | 5.8 | MEDIUM | | Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denia… | CWE-189 Numeric Errors | CVE-2014-1895 | cpe:2.3:o:xen:xen:4.3.1:*; cpe:2.3:o:xen:xen:4.3.0:*; cpe:2.3:o:xen:xen:4.2.3:*; cpe:2.3:o:xen:xen:4.2.2:*; cpe… | 2024-11-21 11:05 | 2014-04-1 |