Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen 4.5.1 vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2015-8341
The libxl toolstack library in Xen 4.1.x up to and including 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows malicious users to cause a denial of service (memory and disk consu...
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.0
Xen Xen 4.2.3
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 4.6.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.2.4
Xen Xen 4.2.5
Xen Xen 4.4.1
Xen Xen 4.4.2
Xen Xen 4.1.0
Xen Xen 4.1.6.1
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.3.2
Xen Xen 4.3.3
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.1.5
641
VMScore
CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 up to and including 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
641
VMScore
CVE-2015-5166
Use-after-free vulnerability in QEMU in Xen 4.5.x and previous versions does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
Fedoraproject Fedora 21
Fedoraproject Fedora 22
Xen Xen
Xen Xen 4.5.1
1 Article
614
VMScore
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x up to and including 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the...
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.3.3
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.1.6.1
Xen Xen 4.1.0
Xen Xen 3.4.1
Xen Xen 4.6.0
Xen Xen 4.5.2
Xen Xen 4.3.4
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.3.0
Xen Xen 4.2.5
Xen Xen 4.1.6
Xen Xen 4.1.5
605
VMScore
CVE-2016-4962
The libxl device-handling in Xen 4.6.x and previous versions allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
Oracle Vm Server 3.4
Oracle Vm Server 3.3
Xen Xen 4.4.4
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.4.0
Xen Xen 4.4.3
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.6.1
Xen Xen 4.6.0
Xen Xen 4.4.2
Xen Xen 4.4.1
Xen Xen 4.3.0
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.3.4
Xen Xen 4.3.3
495
VMScore
CVE-2016-3136
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel prior to 4.5.1 allows physically proximate malicious users to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint d...
Linux Linux Kernel
Novell Suse Linux Enterprise Module For Public Cloud 12.0
Novell Suse Linux Enterprise Server 12.0
Novell Suse Linux Enterprise Live Patching 12.0
Novell Suse Linux Enterprise Desktop 12.0
Novell Suse Linux Enterprise Real Time Extension 12.0
Novell Suse Linux Enterprise Workstation Extension 12.0
Novell Suse Linux Enterprise Software Development Kit 12.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
1 EDB exploit
495
VMScore
CVE-2016-3140
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel prior to 4.5.1 allows physically proximate malicious users to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Linux Linux Kernel
Novell Suse Linux Enterprise Module For Public Cloud 12.0
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Server 12.0
Novell Suse Linux Enterprise Live Patching 12.0
Novell Suse Linux Enterprise Real Time Extension 11.0
Novell Suse Linux Enterprise Desktop 12.0
Novell Suse Linux Enterprise Real Time Extension 12.0
Novell Suse Linux Enterprise Workstation Extension 12.0
Novell Suse Linux Enterprise Debuginfo 11.0
Novell Suse Linux Enterprise Software Development Kit 11.0
Novell Suse Linux Enterprise Software Development Kit 12.0
1 EDB exploit
495
VMScore
CVE-2016-2184
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel prior to 4.5.1 allows physically proximate malicious users to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints...
Linux Linux Kernel
Canonical Ubuntu Linux 12.04
Novell Suse Linux Enterprise Module For Public Cloud 12.0
Novell Suse Linux Enterprise Server 11.0
Novell Suse Linux Enterprise Server 12.0
Novell Suse Linux Enterprise Live Patching 12.0
Novell Suse Linux Enterprise Real Time Extension 11.0
Novell Suse Linux Enterprise Real Time Extension 12.0
Novell Suse Linux Enterprise Desktop 12.0
Novell Suse Linux Enterprise Workstation Extension 12.0
Novell Suse Linux Enterprise Debuginfo 11.0
Novell Suse Linux Enterprise Software Development Kit 11.0
Novell Suse Linux Enterprise Software Development Kit 12.0
1 EDB exploit
445
VMScore
CVE-2017-10916
The vCPU context-switch implementation in Xen up to and including 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.5.3
Xen Xen 4.5.5
Xen Xen 4.8.1
Xen Xen 4.5.0
Xen Xen 4.6.2
Xen Xen 4.6.4
Xen Xen 4.6.5
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.7.1
Xen Xen 4.8.0
445
VMScore
CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and previous versions do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vect...
Citrix Xenserver 6.0
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.6.0
Xen Xen 4.3.4
Xen Xen 4.3.3
Xen Xen 4.4.1
Xen Xen 4.4.0
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.3.0
Xen Xen 4.4.4
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.6.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »