Software Detail
Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


List Of Product

| No | Name | Latest Version | Release date | Initial release | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|
| 341 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | 0 | 1 | 0 | 0 |
| 342 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | 0 | 1 | 0 | 0 |
| 343 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | 0 | 4 | 3 | 1 |
| 344 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | 0 | 3 | 5 | 2 |
| 345 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | 0 | 11 | 9 | 2 |
| 346 | Xen 4.9 | 4.9.4 | | | 3 | 55 | 66 | 3 |
| 347 | Xen 4.8 | 4.8.5 | | | 10 | 58 | 68 | 3 |
| 348 | Xen 4.7 | 4.7.6 | | | 12 | 57 | 73 | 4 |
| 349 | Xen 4.6 | 4.6.6 | | | 11 | 62 | 82 | 8 |
| 350 | Xen 4.5 | 4.5.5 | | | 11 | 67 | 87 | 16 |
| 351 | Xen 4.4 | 4.4.4 | | | 11 | 67 | 98 | 25 |
| 352 | Xen 4.3 | 4.3.4 | | | 11 | 68 | 99 | 23 |
| 353 | Xen 4.2 | 4.2.5 | | | 11 | 70 | 126 | 34 |
| 354 | Xen 4.14 | 4.14.3 | | | 0 | 21 | 30 | 3 |
| 355 | Xen 4.13 | 4.13.4 | | | 0 | 26 | 37 | 3 |
| 356 | Xen 4.12 | 4.12.4 | | | 1 | 30 | 46 | 3 |
| 357 | Xen 4.11 | 4.11.4 | | | 1 | 45 | 53 | 3 |
| 358 | Xen 4.10 | 4.10.4 | | | 2 | 43 | 57 | 3 |
| 359 | Xen 4.1 | 4.1.6.1 | | | 11 | 74 | 122 | 32 |
| 360 | Xen 4.0 | 4.0.4 | | | 11 | 64 | 104 | 28 |
| 361 | Xen 3.4 | 3.4.4 | | | 11 | 58 | 84 | 21 |
| 362 | Xen 3.3 | 3.3.2 | | | 11 | 53 | 82 | 18 |
| 363 | Xen 3.2 | 3.2.3 | | | 11 | 52 | 76 | 15 |
| 364 | Xen 3.1 | 3.1.4 | | | 11 | 44 | 71 | 10 |
| 365 | Xen 3.0 | 3.0.4 | | | 11 | 44 | 70 | 9 |

NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Title | CWE | CVE | cpe23Uri | Version bound (or higher / or less / more than / less than) | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 341 | - | 5.2 | MEDIUM | Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unsp… | CWE-189 Numeric Errors | CVE-2014-1894 | `cpe:2.3:o:xen:xen:3.2.2:*`, `cpe:2.3:o:xen:xen:3.2.1:*`, `cpe:2.3:o:xen:xen:3.2.0:*`, `cpe:2.3:o:xen:xen:3.1.4:*`, cpe… | 3.2.3 | 2024-11-21 11:05 | 2014-04-1 |
| 342 | - | 5.2 | MEDIUM | Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause… | CWE-189 Numeric Errors | CVE-2014-1893 | `cpe:2.3:o:xen:xen:4.1.5:*`, `cpe:2.3:o:xen:xen:4.1.4:*`, `cpe:2.3:o:xen:xen:4.1.3:*`, `cpe:2.3:o:xen:xen:4.1.2:*`, cpe… | 4.1.6.1 | 2024-11-21 11:05 | 2014-04-1 |
| 343 | - | 5.2 | MEDIUM | Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-18… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-1892 | `cpe:2.3:o:xen:xen:4.1.6.1:*`, `cpe:2.3:o:xen:xen:4.1.5:*`, `cpe:2.3:o:xen:xen:4.1.4:*`, `cpe:2.3:o:xen:xen:4.1.3:*`, c… | | 2024-11-21 11:05 | 2014-04-1 |
| 344 | - | 5.2 | MEDIUM | Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlie… | CWE-189 Numeric Errors | CVE-2014-1891 | `cpe:2.3:o:xen:xen:4.3.1:*`, `cpe:2.3:o:xen:xen:4.2.3:*`, `cpe:2.3:o:xen:xen:4.2.2:*`, `cpe:2.3:o:xen:xen:4.2.1:*`, cpe… | 4.3.0 | 2024-11-21 11:05 | 2014-04-1 |
| 345 | - | 4.0 | MEDIUM | Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest c… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2011-3346 | `cpe:2.3:o:xen:xen:-:*` | | 2024-11-21 10:30 | 2014-04-1 |
| 346 | - | 4.9 | MEDIUM | The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service (CPU consumption) by leveragin… | CWE-20 Improper Input Validation | CVE-2014-2599 | `cpe:2.3:o:xen:xen:4.4.0:*`, `cpe:2.3:o:xen:xen:4.3.2:*`, `cpe:2.3:o:xen:xen:4.3.1:*`, `cpe:2.3:o:xen:xen:4.3.0:*`, cpe… | | 2024-11-21 11:06 | 2014-03-29 |
| 347 | - | 4.6 | MEDIUM | Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x through 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, w… | CWE-399 Resource Management Errors | CVE-2014-1950 | `cpe:2.3:o:xen:xen:4.3.1:*`, `cpe:2.3:o:xen:xen:4.3.0:*`, `cpe:2.3:o:xen:xen:4.2.3:*`, `cpe:2.3:o:xen:xen:4.2.2:*`, cpe… | | 2024-11-21 11:05 | 2014-02-15 |
| 348 | - | 8.3 | HIGH | The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which a… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-1666 | `cpe:2.3:o:xen:xen:4.3.1:*`, `cpe:2.3:o:xen:xen:4.3.0:*`, `cpe:2.3:o:xen:xen:4.2.3:*`, `cpe:2.3:o:xen:xen:4.2.2:*`, cpe… | | 2024-11-21 11:04 | 2014-01-27 |
| 349 | - | 4.4 | MEDIUM | The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest… | CWE-399 Resource Management Errors | CVE-2014-1642 | `cpe:2.3:o:xen:xen:4.3.1:*`, `cpe:2.3:o:xen:xen:4.3.0:*`, `cpe:2.3:o:xen:xen:4.2.3:*`, `cpe:2.3:o:xen:xen:4.2.2:*`, cpe… | | 2024-11-21 11:04 | 2014-01-27 |
| 350 | - | 2.7 | LOW | The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) v… | CWE-399 Resource Management Errors | CVE-2013-4375 | `cpe:2.3:o:xen:xen:4.3.0:*`, `cpe:2.3:o:xen:xen:4.2.3:*`, `cpe:2.3:o:xen:xen:4.2.2:*`, `cpe:2.3:o:xen:xen:4.2.1:*`, cpe… | | 2024-11-21 10:55 | 2014-01-20 |