Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen 4.0.3 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2014-7155
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and previous versions does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involvin...
Xen Xen 3.1.3
Xen Xen 3.1.4
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.4.0
Xen Xen
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 3.0.3
Xen Xen 3.0.4
Xen Xen 3.3.0
Xen Xen 3.3.1
5.7
CVSSv2
CVE-2013-2212
The vmx_set_uc_mode function in Xen 3.3 up to and including 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.2.0
Xen Xen 4.3.0
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
5.4
CVSSv2
CVE-2014-8594
The do_mmu_update function in arch/x86/mm.c in Xen 4.x up to and including 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation services for HVM gues...
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Debian Debian Linux 7.0
Xen Xen 4.0.0
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.1.5
Xen Xen 4.1.6.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.2.0
Xen Xen 4.2.1
5.2
CVSSv2
CVE-2014-1892
Xen 3.3 up to and including 4.1, when XSM is enabled, allows local users to cause a denial of service via vectors related to a "large memory allocation," a different vulnerability than CVE-2014-1891, CVE-2014-1893, and CVE-2014-1894.
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
Xen Xen 4.1.6.1
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
Xen Xen 4.1.4
5.2
CVSSv2
CVE-2014-1893
Multiple integer overflows in the (1) FLASK_GETBOOL and (2) FLASK_SETBOOL suboperations in the flask hypercall in Xen 4.1.x, 3.3.x, 3.2.x, and previous versions, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a diffe...
Xen Xen 3.2.2
Xen Xen 3.2.3
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
5.2
CVSSv2
CVE-2013-4553
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x up to and including 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to cause a denial of service (host deadlock).
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.1.6.1
Xen Xen 4.0.0
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.2.3
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 3.4.4
Xen Xen 4.3.0
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.0.3
5.2
CVSSv2
CVE-2013-2077
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.0.0
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.1.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.2.0
Xen Xen 4.2.1
4.9
CVSSv2
CVE-2017-14431
Memory leak in Xen 3.3 up to and including 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.2.5
Xen Xen 4.3.0
Xen Xen 4.4.1
Xen Xen 4.4.2
Xen Xen 4.5.5
Xen Xen 4.6.0
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.6
Xen Xen 4.1.6.1
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.4.3
4.9
CVSSv2
CVE-2015-7969
Multiple memory leaks in Xen 4.0 up to and including 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the ...
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.3.2
Xen Xen 4.3.4
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.0.0
Xen Xen 4.1.2
Xen Xen 4.1.3
4.9
CVSSv2
CVE-2015-4164
The compat_iret function in Xen 3.1 up to and including 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
Xen Xen 3.1.3
Xen Xen 3.1.4
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.4.0
Xen Xen 3.2.2
Xen Xen 3.2.3
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »