Software Detail
Xen: Number of NVD entries 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default, it is executed automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].

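List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 351 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 352 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 353 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 354 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 355 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 356 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 357 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 358 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 359 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 360 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 361 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 362 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 363 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 364 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 365 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 366 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 367 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 368 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 369 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 370 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 371 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 372 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 373 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 374 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 375 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
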
NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Version bound (or higher / or less / more than / less than) | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 351 | - | 4.6 | MEDIUM | | Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause… | NVD-CWE-noinfo | CVE-2011-1936 | cpe:2.3:o:xen:xen:-:* | | 2024-11-21 10:27 | 2014-01-8 |
| 352 | - | 6.1 | MEDIUM | | The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different in… | CWE-20 Improper Input Validation | CVE-2011-1780 | cpe:2.3:o:xen:xen:3.0.3:* | | 2024-11-21 10:27 | 2014-01-8 |
| 353 | - | 5.5 | MEDIUM | | Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables. | CWE-20 Improper Input Validation | CVE-2011-1166 | cpe:2.3:o:xen:xen:4.0.0:*, cpe:2.3:o:xen:xen:3.4.4:*, cpe:2.3:o:xen:xen:3.4.3:*, cpe:2.3:o:xen:xen:3.4.2:*, cpe… | 4.0.1 | 2024-11-21 10:25 | 2014-01-8 |
| 354 | - | 5.5 | MEDIUM | | Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via … | CWE-476 NULL Pointer Dereference | CVE-2011-2519 | cpe:2.3:o:xen:xen:*:* | 3.3.0 | 2024-11-21 10:28 | 2013-12-27 |
| 355 | - | 5.2 | MEDIUM | | Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4554 | cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe… | | 2024-11-21 10:55 | 2013-12-25 |
| 356 | - | 5.2 | MEDIUM | | The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2013-4553 | cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe… | | 2024-11-21 10:55 | 2013-12-25 |
| 357 | - | 6.8 | MEDIUM | | Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-6400 | cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe… | | 2024-11-21 10:59 | 2013-12-14 |
| 358 | - | 7.9 | HIGH | | Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a de… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-6375 | cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe… | | 2024-11-21 10:59 | 2013-11-23 |
| 359 | - | 5.7 | MEDIUM | | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of ser… | CWE-20 Improper Input Validation | CVE-2013-4551 | cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe… | | 2024-11-21 10:55 | 2013-11-18 |
| 360 | - | 5.2 | MEDIUM | | The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2013-4416 | cpe:2.3:o:xen:xen:4.3.1:*, cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe… | | 2024-11-21 10:55 | 2013-11-3 |