Software Detail
Name: Xen
Number Of NVD: 431 (CRITICAL 12, HIGH 133, MEDIUM 238, LOW 48)
URL: https://xenproject.org/
Explanation: Since 2010, the Xen community has been developing and maintaining Xen as free software under the GPLv2 license. Xen is available for IA-32, x64, IA-64, and ARM architectures.

In a Xen system, the Xen hypervisor is the core software that runs at the lowest privilege level [2]. The Xen hypervisor hierarchy supports one or more guest operating systems and performs scheduling for the physical CPU. The first guest OS is referred to in Xen jargon as "domain 0" (dom0). It is, by default, automatically executed when the hypervisor boots, and has special administrative privileges and direct access to all physical hardware. The system administrator can log in to any additional guest OS through dom0. The management target at this time is called "domain U" (domU) in Xen jargon, where domain U means user domains.

Excerpt from [https://ja.wikipedia.org/wiki/Xen_(virtualization software)].


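List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 371 | Xen 4.19 | 4.19.0 | July 29, 2024 | July 29, 2024 | | | | | 0 | 1 | 0 | 0 |
| 372 | Xen 4.18 | 4.18.3 | Aug. 14, 2024 | Nov. 17, 2023 | | | | | 0 | 1 | 0 | 0 |
| 373 | Xen 4.17 | 4.17.5 | Aug. 14, 2024 | Dec. 14, 2022 | | | | | 0 | 4 | 3 | 1 |
| 374 | Xen 4.16 | 4.16.6 | March 27, 2024 | Dec. 2, 2021 | | | | | 0 | 3 | 5 | 2 |
| 375 | Xen 4.15 | 4.15.7 | May 3, 2024 | April 8, 2021 | | | | | 0 | 11 | 9 | 2 |
| 376 | Xen 4.9 | 4.9.4 | | | | | | | 3 | 55 | 66 | 3 |
| 377 | Xen 4.8 | 4.8.5 | | | | | | | 10 | 58 | 68 | 3 |
| 378 | Xen 4.7 | 4.7.6 | | | | | | | 12 | 57 | 73 | 4 |
| 379 | Xen 4.6 | 4.6.6 | | | | | | | 11 | 62 | 82 | 8 |
| 380 | Xen 4.5 | 4.5.5 | | | | | | | 11 | 67 | 87 | 16 |
| 381 | Xen 4.4 | 4.4.4 | | | | | | | 11 | 67 | 98 | 25 |
| 382 | Xen 4.3 | 4.3.4 | | | | | | | 11 | 68 | 99 | 23 |
| 383 | Xen 4.2 | 4.2.5 | | | | | | | 11 | 70 | 126 | 34 |
| 384 | Xen 4.14 | 4.14.3 | | | | | | | 0 | 21 | 30 | 3 |
| 385 | Xen 4.13 | 4.13.4 | | | | | | | 0 | 26 | 37 | 3 |
| 386 | Xen 4.12 | 4.12.4 | | | | | | | 1 | 30 | 46 | 3 |
| 387 | Xen 4.11 | 4.11.4 | | | | | | | 1 | 45 | 53 | 3 |
| 388 | Xen 4.10 | 4.10.4 | | | | | | | 2 | 43 | 57 | 3 |
| 389 | Xen 4.1 | 4.1.6.1 | | | | | | | 11 | 74 | 122 | 32 |
| 390 | Xen 4.0 | 4.0.4 | | | | | | | 11 | 64 | 104 | 28 |
| 391 | Xen 3.4 | 3.4.4 | | | | | | | 11 | 58 | 84 | 21 |
| 392 | Xen 3.3 | 3.3.2 | | | | | | | 11 | 53 | 82 | 18 |
| 393 | Xen 3.2 | 3.2.3 | | | | | | | 11 | 52 | 76 | 15 |
| 394 | Xen 3.1 | 3.1.4 | | | | | | | 11 | 44 | 71 | 10 |
| 395 | Xen 3.0 | 3.0.4 | | | | | | | 11 | 44 | 70 | 9 |
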
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date

No: 371
CVSS3: -
CVSS2: 6.5
Level: MEDIUM
Title: The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows loca…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-4329
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.3:*
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe…
Update date: 2024-11-21 10:55
Published date: 2013-09-13

No: 372
CVSS3: -
CVSS2: 4.7
Level: MEDIUM
Title: The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-3495
cpe23Uri:
cpe:2.3:o:xen:xen:4.3.0:*
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe…
Update date: 2024-11-21 10:53
Published date: 2013-08-29

No: 373
CVSS3: -
CVSS2: 5.7
Level: MEDIUM
Title: The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2013-2212
cpe23Uri:
cpe:2.3:o:xen:xen:4.3.0:*
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe…
Update date: 2024-11-21 10:51
Published date: 2013-08-29

No: 374
CVSS3: -
CVSS2: 7.4
Level: HIGH
Title: The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest admi…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-2211
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.5:*
cpe…
Update date: 2024-11-21 10:51
Published date: 2013-08-29

No: 375
CVSS3: -
CVSS2: 5.2
Level: MEDIUM
Title: Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecif…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-2077
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.5:*
cpe…
Update date: 2024-11-21 10:50
Published date: 2013-08-29

No: 376
CVSS3: -
CVSS2: 4.3
Level: MEDIUM
Title: Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determi…
CWE: CWE-200 Information Exposure
CVE: CVE-2013-2076
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.5:*
cpe…
Update date: 2024-11-21 10:50
Published date: 2013-08-29

No: 377
CVSS3: -
CVSS2: 7.4
Level: HIGH
Title: Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of ser…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2013-2072
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.5:*
cpe…
Update date: 2024-11-21 10:50
Published date: 2013-08-29

No: 378
CVSS3: -
CVSS2: 7.4
Level: HIGH
Title: Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not properly maintain references on pages stored for deferred cleanup, which allows local PV guest kernels to cause a denial of service (p…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2013-1432
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.2:*
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:4.1.5:*
cpe…
Update date: 2024-11-21 10:49
Published date: 2013-08-29

No: 379
CVSS3: -
CVSS2: 6.9
Level: MEDIUM
Title: Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, …
CWE: NVD-CWE-noinfo
CVE: CVE-2013-2196
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:*:*
Version bound: 4.2.2
Update date: 2024-11-21 10:51
Published date: 2013-08-24

No: 380
CVSS3: -
CVSS2: 6.9
Level: MEDIUM
Title: The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest administrators with certain permissions to have an unspecified impact via a crafted kernel, related to "pointer dereferences" involv…
CWE: CWE-189 Numeric Errors
CVE: CVE-2013-2195
cpe23Uri:
cpe:2.3:o:xen:xen:4.2.1:*
cpe:2.3:o:xen:xen:4.2.0:*
cpe:2.3:o:xen:xen:*:*
Version bound: 4.2.2
Update date: 2024-11-21 10:51
Published date: 2013-08-24