Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen - vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv2
CVE-2016-1571
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x up to and including 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID...
Citrix Xenserver
Xen Xen 3.4.1
Xen Xen 3.4.0
Xen Xen 4.5.0
Xen Xen 4.4.3
Xen Xen 4.3.3
Xen Xen 4.3.2
Xen Xen 4.2.0
Xen Xen 4.1.6.1
Xen Xen 4.1.0
Xen Xen 3.4.4
Xen Xen 3.4.3
Xen Xen 3.4.2
Xen Xen 4.5.2
Xen Xen 4.5.1
Xen Xen 4.3.4
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 3.3.2
1.9
CVSSv2
CVE-2016-4963
The libxl device-handling in Xen up to and including 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
Xen Xen 4.6.1
Xen Xen 4.4.2
Xen Xen 4.4.1
Xen Xen 4.3.0
Xen Xen 4.2.5
Xen Xen 4.1.6
Xen Xen 4.1.5
Xen Xen 4.0.2
Xen Xen 4.0.1
Xen Xen 4.5.2
Xen Xen 4.5.1
Xen Xen 4.3.4
Xen Xen 4.3.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 4.1.0
Xen Xen 4.5.0
Xen Xen 4.4.4
Xen Xen 4.4.3
Xen Xen 4.3.2
7.2
CVSSv2
CVE-2015-7835
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 up to and including 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping.
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
2.1
CVSSv2
CVE-2015-7972
The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x up to and including 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM g...
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.4.1
Xen Xen 4.5.0
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.3
Xen Xen 4.3.0
4.9
CVSSv2
CVE-2015-4103
Xen 3.3.x up to and including 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning mult...
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.3.4
Xen Xen 4.4.0
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.4.1
Xen Xen 4.5.0
Xen Xen 3.3.0
Xen Xen 3.4.4
Xen Xen 4.0.1
Xen Xen 4.1.3
Xen Xen 4.1.4
4.9
CVSSv2
CVE-2015-4105
Xen 3.3.x up to and including 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 3.3.0
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.1.6.1
4.9
CVSSv2
CVE-2015-7969
Multiple memory leaks in Xen 4.0 up to and including 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the ...
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.3.2
Xen Xen 4.3.4
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.0.0
Xen Xen 4.1.2
Xen Xen 4.1.3
5.2
CVSSv2
CVE-2014-1891
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and previous versions, when XSM is enabled, allow local users to cause a denial of service ...
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 3.2.2
Xen Xen 3.2.3
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.3.1
Xen Xen
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.1.0
4.9
CVSSv2
CVE-2017-15596
An issue exists in Xen 4.4.x up to and including 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.4.4
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.6.0
Xen Xen 4.7.0
Xen Xen 4.7.2
Xen Xen 4.7.3
Xen Xen 4.8.0
Xen Xen 4.9.0
Xen Xen 4.4.2
Xen Xen 4.5.5
Xen Xen 4.6.2
Xen Xen 4.6.3
Xen Xen 4.8.2
Xen Xen 4.4.3
Xen Xen 4.6.4
Xen Xen 4.6.5
Xen Xen 4.6.6
Xen Xen 4.7.1
1.9
CVSSv2
CVE-2013-1917
Xen 3.1 up to and including 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handl...
Xen Xen 3.1.4
Xen Xen 3.1.3
Xen Xen 3.3.0
Xen Xen 3.4.3
Xen Xen 4.0.2
Xen Xen 4.0.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.0.4
Xen Xen 4.0.3
Xen Xen 4.2.0
Xen Xen 4.1.3
Xen Xen 3.2.3
Xen Xen 3.2.1
Xen Xen 3.4.4
Xen Xen 3.4.1
Xen Xen 4.0.0
Xen Xen 4.1.4
Xen Xen 3.2.2
Xen Xen 3.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »