Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen 3.4.0 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2015-4104
Xen 3.3.x up to and including 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.1
7.2
CVSSv2
CVE-2016-6258
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and previous versions allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Xen Xen 4.7.0
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.0.1
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.6.3
Xen Xen 4.6.1
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.4.0
Xen Xen 4.5.0
Xen Xen 4.3.1
Xen Xen 4.1.2
Xen Xen 3.4.0
Xen Xen 3.4.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 3.4.3
1 Article
7.2
CVSSv2
CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 up to and including 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
7.1
CVSSv2
CVE-2014-9030
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x up to and including 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
Xen Xen 3.2.0
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 3.2.3
Xen Xen 3.2.1
Xen Xen 3.2.2
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 3.3.0
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.1.4
6.9
CVSSv2
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x up to and including 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the...
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.3.3
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.1.6.1
Xen Xen 4.1.0
Xen Xen 3.4.1
Xen Xen 4.6.0
Xen Xen 4.5.2
Xen Xen 4.3.4
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.3.0
Xen Xen 4.2.5
Xen Xen 4.1.6
Xen Xen 4.1.5
6.9
CVSSv2
CVE-2012-5513
The XENMEM_exchange handler in Xen 4.2 and previous versions does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor ...
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.0.4
Xen Xen 3.4.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 3.2.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.1
Xen Xen 4.1.0
Xen Xen 3.4.3
Xen Xen 3.0.3
Xen Xen 4.1.3
Xen Xen 3.2.3
Xen Xen
Xen Xen 3.3.1
Xen Xen 3.0.2
Xen Xen 3.4.2
Xen Xen 3.4.1
6.1
CVSSv2
CVE-2010-4255
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and previous versions on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial ...
Citrix Xen 3.1.3
Citrix Xen 3.1.4
Citrix Xen 3.2.2
Citrix Xen 3.3.2
Citrix Xen 3.0.2
Citrix Xen 3.0.4
Citrix Xen 3.3.1
Citrix Xen 3.4.1
Citrix Xen 3.2.0
Citrix Xen 3.2.1
Citrix Xen 3.1.2
Citrix Xen 3.2.3
Citrix Xen 3.4.2
Citrix Xen 4.0.0
Citrix Xen
Citrix Xen 3.0.3
Citrix Xen 3.3.0
Citrix Xen 3.4.0
Citrix Xen 3.4.3
5.8
CVSSv2
CVE-2014-7155
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and previous versions does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involvin...
Xen Xen 3.1.3
Xen Xen 3.1.4
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.4.0
Xen Xen
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 3.0.3
Xen Xen 3.0.4
Xen Xen 3.3.0
Xen Xen 3.3.1
5.7
CVSSv2
CVE-2013-2212
The vmx_set_uc_mode function in Xen 3.3 up to and including 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.2.0
Xen Xen 4.3.0
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
5.5
CVSSv2
CVE-2011-1166
Xen, possibly prior to 4.0.2, allows local 64-bit PV guests to cause a denial of service (host crash) by specifying user mode execution without user-mode pagetables.
Xen Xen 3.1.4
Xen Xen 3.2.1
Xen Xen 3.3.2
Xen Xen 3.4.1
Xen Xen 3.2.2
Xen Xen 3.2.3
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 3.0.2
Xen Xen 3.0.3
Xen Xen 3.0.4
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen
Xen Xen 3.1.3
Xen Xen 3.2.0
Xen Xen 3.4.0
Xen Xen 3.4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »