Software Detail
Xen
Number of NVD entries: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL https://xenproject.org/
Explanation Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The hypervisor layer supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). By default it is started automatically when the hypervisor boots, and it has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. A guest managed in this way is called "domain U" (domU) in Xen jargon, where U stands for user domain.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


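List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended (for a fee) | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 361 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 362 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 363 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 364 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 365 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 366 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 367 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 368 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 369 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 370 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 371 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 372 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 373 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 374 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 375 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 376 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 377 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 378 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 379 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 380 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 381 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 382 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 383 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 384 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 385 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
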
NVD Vulnerability Information
Columns: No | CVSS3 / CVSS2 / Level / Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date

361
CVSS3: -
CVSS2: 5.2 MEDIUM
Title: Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2013-4494
cpe23Uri: cpe:2.3:o:xen:xen:*:*
Version bounds: 4.1.0, 4.2.0, 4.3.0, 4.1.6.1, 4.2.5, 4.3.4
Update date: 2024-11-21 10:55
Published date: 2013-11-3

362
CVSS3: -
CVSS2: 4.4 MEDIUM
Title: Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the real…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2013-4371
cpe23Uri: cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe…
Update date: 2024-11-21 10:55
Published date: 2013-10-18

363
CVSS3: -
CVSS2: 4.6 MEDIUM
Title: The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corr…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2013-4370
cpe23Uri: cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe…
Update date: 2024-11-21 10:55
Published date: 2013-10-18

364
CVSS3: -
CVSS2: 1.9 LOW
Title: The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate conf…
CWE: NVD-CWE-Other
CVE: CVE-2013-4369
cpe23Uri: cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe…
Update date: 2024-11-21 10:55
Published date: 2013-10-18

365
CVSS3: -
CVSS2: 1.9 LOW
Title: The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests t…
CWE: CWE-200 Information Exposure
CVE: CVE-2013-4368
cpe23Uri: cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe:2.3:o:xen:xen:4.2.0:*, cpe…
Version bounds: 4.3.0
Update date: 2024-11-21 10:55
Published date: 2013-10-18

366
CVSS3: -
CVSS2: 5.4 MEDIUM
Title: Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid …
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-4356
cpe23Uri: cpe:2.3:o:xen:xen:4.3.0:*
Update date: 2024-11-21 10:55
Published date: 2013-10-10

367
CVSS3: -
CVSS2: 2.1 LOW
Title: The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use the correct variable for the source effective address, which allows local HVM guests to obtain hypervisor stack information by r…
CWE: CWE-200 Information Exposure
CVE: CVE-2013-4361
cpe23Uri: cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe:2.3:o:xen:xen:4.2.0:*, cpe…
Update date: 2024-11-21 10:55
Published date: 2013-10-2

368
CVSS3: -
CVSS2: 1.5 LOW
Title: Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified o…
CWE: CWE-200 Information Exposure
CVE: CVE-2013-4355
cpe23Uri: cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe:2.3:o:xen:xen:4.2.0:*, cpe…
Version bounds: 4.3.0
Update date: 2024-11-21 10:55
Published date: 2013-10-2

369
CVSS3: -
CVSS2: 5.5 MEDIUM
Title: Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-add…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2011-2901
cpe23Uri: cpe:2.3:o:xen:xen:3.2.3:*, cpe:2.3:o:xen:xen:3.2.2:*, cpe:2.3:o:xen:xen:3.2.1:*, cpe:2.3:o:xen:xen:3.2.0:*, cpe…
Version bounds: 3.3.0
Update date: 2024-11-21 10:29
Published date: 2013-10-2

370
CVSS3: -
CVSS2: 1.2 LOW
Title: Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not properly clear previous data from registers when using an XSAVE or XRSTOR to extend the state components of a saved or restored vCP…
CWE: CWE-200 Information Exposure
CVE: CVE-2013-1442
cpe23Uri: cpe:2.3:o:xen:xen:4.3.0:*, cpe:2.3:o:xen:xen:4.2.3:*, cpe:2.3:o:xen:xen:4.2.2:*, cpe:2.3:o:xen:xen:4.2.1:*, cpe…
Update date: 2024-11-21 10:49
Published date: 2013-10-1