Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen vulnerabilities and exploits
(subscribe to this query)
739
VMScore
CVE-2014-1666
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 up to and including 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest mal...
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.2.2
Xen Xen 4.1.5
Xen Xen 4.2.3
Xen Xen 4.1.6.1
605
VMScore
CVE-2017-8905
Xen up to and including 4.6.x on 64-bit platforms mishandles a failsafe callback, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-215.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.6.3
Xen Xen 4.6.5
Xen Xen 4.6.4
Xen Xen 4.6.2
1 Github repository
543
VMScore
CVE-2014-7154
Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 up to and including 4.4.x does not ensure possession of the guarding lock for dirty video RAM tracking, which allows certain local guest domains to cause a denial of service via unspecified vectors.
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Debian Debian Linux 7.0
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.3.1
Opensuse Opensuse 13.1
Opensuse Opensuse 12.3
187
VMScore
CVE-2012-4544
The PV domain builder in Xen 4.2 and previous versions does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ram...
Xen Xen 4.1.1
Xen Xen 4.1.0
Xen Xen
Xen Xen 4.1.3
Xen Xen 4.1.2
169
VMScore
CVE-2013-4369
The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.2.0
Xen Xen 4.2.3
Xen Xen 4.3.0
409
VMScore
CVE-2013-4370
The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors tha...
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.2.2
392
VMScore
CVE-2013-4371
Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of servi...
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 4.2.0
436
VMScore
CVE-2015-7970
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "ti...
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 3.4.0
187
VMScore
CVE-2015-7813
Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physde...
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.6.0
1 Article
187
VMScore
CVE-2015-0777
drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in ho...
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 3.4.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »