Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
citrix xen vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv2
CVE-2021-3308
An issue exists in Xen 4.12.3 up to and including 4.12.4 and 4.13.1 up to and including 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. S...
Xen Xen 4.12.4
Xen Xen 4.12.3
Xen Xen
Fedoraproject Fedora 32
7.2
CVSSv2
CVE-2017-8903
Xen up to and including 4.8.x on 64-bit platforms mishandles page tables after an IRET hypercall, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-213.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
6.8
CVSSv2
CVE-2017-8904
Xen up to and including 4.8.x mishandles the "contains segment descriptors" property during GNTTABOP_transfer (aka guest transfer) operations, which might allow PV guest OS users to execute arbitrary code on the host OS, aka XSA-214.
Xen Xen 4.8.1
Xen Xen 4.8.0
1 Github repository
7.2
CVSSv2
CVE-2017-15592
An issue exists in Xen up to and including 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
Xen Xen
2.1
CVSSv2
CVE-2020-11742
An issue exists in Xen up to and including 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135...
Xen Xen
Xen Xen 4.13.0
Fedoraproject Fedora 32
2.1
CVSSv2
CVE-2020-11743
An issue exists in Xen up to and including 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause ...
Xen Xen
Xen Xen 4.13.0
Fedoraproject Fedora 32
6.9
CVSSv2
CVE-2021-28705
issues with partially successful P2M updates on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them t...
Xen Xen 4.15.0
Xen Xen 4.15.1
Xen Xen
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 11.0
4.7
CVSSv2
CVE-2016-1571
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x up to and including 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID...
Citrix Xenserver
Xen Xen 3.4.1
Xen Xen 3.4.0
Xen Xen 4.5.0
Xen Xen 4.4.3
Xen Xen 4.3.3
Xen Xen 4.3.2
Xen Xen 4.2.0
Xen Xen 4.1.6.1
Xen Xen 4.1.0
Xen Xen 3.4.4
Xen Xen 3.4.3
Xen Xen 3.4.2
Xen Xen 4.5.2
Xen Xen 4.5.1
Xen Xen 4.3.4
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 3.3.2
NA
CVE-2023-34326
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA m...
Xen Xen
NA
CVE-2023-34327
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors...
Xen Xen
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »