Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen 4.5.0 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2015-8341
The libxl toolstack library in Xen 4.1.x up to and including 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows malicious users to cause a denial of service (memory and disk consu...
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.0
Xen Xen 4.2.3
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 4.6.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.2.4
Xen Xen 4.2.5
Xen Xen 4.4.1
Xen Xen 4.4.2
Xen Xen 4.1.0
Xen Xen 4.1.6.1
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.3.2
Xen Xen 4.3.3
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.1.5
7.8
CVSSv2
CVE-2015-4104
Xen 3.3.x up to and including 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors.
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.1
7.7
CVSSv2
CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and previous versions and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_...
Qemu Qemu
Redhat Openstack 4.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Openstack 5.0
Redhat Openstack 7.0
Redhat Enterprise Virtualization 3.0
Redhat Enterprise Linux 5
Xen Xen 4.5.0
Redhat Openstack 6.0
1 EDB exploit
5 Github repositories
3 Articles
7.2
CVSSv2
CVE-2016-6258
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and previous versions allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Xen Xen 4.7.0
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.0.1
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.6.3
Xen Xen 4.6.1
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.4.0
Xen Xen 4.5.0
Xen Xen 4.3.1
Xen Xen 4.1.2
Xen Xen 3.4.0
Xen Xen 3.4.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 3.4.3
1 Article
7.2
CVSSv2
CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 up to and including 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
7.1
CVSSv2
CVE-2015-2751
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
Xen Xen 4.4.1
Xen Xen 4.5.0
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.4.0
Fedoraproject Fedora 21
Fedoraproject Fedora 20
6.9
CVSSv2
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x up to and including 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the...
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.3.3
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.1.6.1
Xen Xen 4.1.0
Xen Xen 3.4.1
Xen Xen 4.6.0
Xen Xen 4.5.2
Xen Xen 4.3.4
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.3.0
Xen Xen 4.2.5
Xen Xen 4.1.6
Xen Xen 4.1.5
6.8
CVSSv2
CVE-2016-4962
The libxl device-handling in Xen 4.6.x and previous versions allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
Oracle Vm Server 3.4
Oracle Vm Server 3.3
Xen Xen 4.4.4
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.4.0
Xen Xen 4.4.3
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.6.1
Xen Xen 4.6.0
Xen Xen 4.4.2
Xen Xen 4.4.1
Xen Xen 4.3.0
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.3.4
Xen Xen 4.3.3
6.8
CVSSv2
CVE-2015-3259
Stack-based buffer overflow in the xl command line utility in Xen 4.1.x up to and including 4.5.x allows local guest administrators to gain privileges via a long configuration argument.
Xen Xen 4.4.0
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.3.1
Xen Xen 4.3.4
Xen Xen 4.5.0
Xen Xen 4.4.2
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 4.4.1
Xen Xen 4.1.0
Xen Xen 4.2.1
Xen Xen 4.2.2
5
CVSSv2
CVE-2017-10916
The vCPU context-switch implementation in Xen up to and including 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.5.3
Xen Xen 4.5.5
Xen Xen 4.8.1
Xen Xen 4.5.0
Xen Xen 4.6.2
Xen Xen 4.6.4
Xen Xen 4.6.5
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.7.1
Xen Xen 4.8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »