Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen 3.4.1 vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2017-14431
Memory leak in Xen 3.3 up to and including 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.5.5
Xen Xen 4.2.3
Xen Xen 4.3.3
Xen Xen 3.4.0
Xen Xen 4.6.4
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 3.3.2
Xen Xen 4.7.1
Xen Xen 4.1.2
Xen Xen 4.5.2
Xen Xen 4.4.2
Xen Xen 4.4.4
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.4.3
Xen Xen 4.4.0
4.4
CVSSv3
CVE-2015-8552
The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x up to and including 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a s...
Xen Xen 3.2.0
Xen Xen 4.3.2
Xen Xen 4.1.5
Xen Xen 3.2.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.3.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 3.2.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 3.4.3
Xen Xen 4.1.6
Xen Xen 4.2.5
8.5
CVSSv3
CVE-2016-1570
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x up to and including 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the...
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.3.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.1.2
Xen Xen 4.5.2
Xen Xen 4.4.2
Xen Xen 4.4.3
Xen Xen 4.4.0
Xen Xen 4.1.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 4.1.6
Xen Xen 4.2.5
Xen Xen 4.1.3
Xen Xen 4.1.6.1
Xen Xen 4.3.4
Xen Xen 4.5.1
6.3
CVSSv3
CVE-2016-1571
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x up to and including 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID...
Citrix Xenserver
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.3.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 4.5.2
Xen Xen 4.4.2
Xen Xen 3.4.4
Xen Xen 4.4.3
Xen Xen 4.4.0
Xen Xen 4.1.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 3.4.3
Xen Xen 4.1.6
Xen Xen 4.2.5
NA
CVE-2015-8339
The memory_exchange function in common/memory.c in Xen 3.2.x up to and including 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
Xen Xen 3.2.0
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 3.2.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.3.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 3.2.2
Xen Xen 4.5.2
Xen Xen 4.4.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.4.3
Xen Xen 4.1.1
Xen Xen 4.2.0
NA
CVE-2015-8340
The memory_exchange function in common/memory.c in Xen 3.2.x up to and including 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handli...
Xen Xen 3.2.0
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 3.2.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.3.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 3.2.2
Xen Xen 4.5.2
Xen Xen 4.4.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.4.3
Xen Xen 4.1.1
Xen Xen 4.2.0
NA
CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 up to and including 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 4.1.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 3.4.3
Xen Xen 4.4.1
Xen Xen 4.1.3
Xen Xen 4.1.6.1
Xen Xen 4.3.4
Xen Xen 4.5.1
Xen Xen 3.4.2
NA
CVE-2015-7970
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "ti...
Xen Xen 3.4.0
Xen Xen 3.4.4
Xen Xen 3.4.3
Xen Xen 3.4.2
Xen Xen 3.4.1
NA
CVE-2015-7972
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x up to and including 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM g...
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 4.1.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 3.4.3
Xen Xen 4.4.1
Xen Xen 4.1.3
Xen Xen 4.1.6.1
Xen Xen 4.3.4
Xen Xen 4.5.1
Xen Xen 3.4.2
NA
CVE-2015-7971
Xen 3.2.x up to and including 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which are not properl...
Xen Xen 3.2.0
Xen Xen 4.3.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 3.2.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 3.4.0
Xen Xen 4.3.0
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 3.2.2
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 3.4.3
Xen Xen 4.4.1
Xen Xen 4.1.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »