Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen xen 4.5.0 vulnerabilities and exploits
(subscribe to this query)
436
VMScore
CVE-2015-4164
The compat_iret function in Xen 3.1 up to and including 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via a hypercall_iret call with EFLAGS.VM set.
Xen Xen 3.1.3
Xen Xen 3.1.4
Xen Xen 3.3.2
Xen Xen 3.4.0
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.4.0
Xen Xen 3.2.2
Xen Xen 3.2.3
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 4.0.4
169
VMScore
CVE-2016-4963
The libxl device-handling in Xen up to and including 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
Xen Xen 4.6.1
Xen Xen 4.4.2
Xen Xen 4.4.1
Xen Xen 4.3.0
Xen Xen 4.2.5
Xen Xen 4.1.6
Xen Xen 4.1.5
Xen Xen 4.0.2
Xen Xen 4.0.1
Xen Xen 4.5.2
Xen Xen 4.5.1
Xen Xen 4.3.4
Xen Xen 4.3.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 4.1.0
Xen Xen 4.5.0
Xen Xen 4.4.4
Xen Xen 4.4.3
Xen Xen 4.3.2
418
VMScore
CVE-2016-1571
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x up to and including 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID...
Citrix Xenserver
Xen Xen 3.4.1
Xen Xen 3.4.0
Xen Xen 4.5.0
Xen Xen 4.4.3
Xen Xen 4.3.3
Xen Xen 4.3.2
Xen Xen 4.2.0
Xen Xen 4.1.6.1
Xen Xen 4.1.0
Xen Xen 3.4.4
Xen Xen 3.4.3
Xen Xen 3.4.2
Xen Xen 4.5.2
Xen Xen 4.5.1
Xen Xen 4.3.4
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 4.2.1
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 3.3.2
641
VMScore
CVE-2016-6258
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and previous versions allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Xen Xen 4.7.0
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.0.1
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.6.3
Xen Xen 4.6.1
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.4.0
Xen Xen 4.5.0
Xen Xen 4.3.1
Xen Xen 4.1.2
Xen Xen 3.4.0
Xen Xen 3.4.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 3.4.3
1 Article
187
VMScore
CVE-2015-2045
The HYPERVISOR_xen_version hypercall in Xen 3.2.x up to and including 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
Xen Xen 3.2.1
Xen Xen 3.2.2
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 3.4.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 3.2.3
Xen Xen 3.3.0
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.1.5
436
VMScore
CVE-2015-2756
QEMU, as used in Xen 3.3.x up to and including 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI...
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Xen Xen 4.4.0
Xen Xen 4.3.0
Xen Xen 4.5.0
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.4.1
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.10
418
VMScore
CVE-2015-8339
The memory_exchange function in common/memory.c in Xen 3.2.x up to and including 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 3.2.2
Xen Xen 3.2.3
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.2.5
Xen Xen 4.3.0
Xen Xen 4.4.2
Xen Xen 4.4.3
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 3.2.1
Xen Xen 3.2.0
Xen Xen 4.1.6
Xen Xen 4.1.6.1
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.0.3
Xen Xen 4.0.4
418
VMScore
CVE-2015-8340
The memory_exchange function in common/memory.c in Xen 3.2.x up to and including 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handli...
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 3.2.1
Xen Xen 3.2.0
Xen Xen 4.1.6
Xen Xen 4.1.6.1
Xen Xen 4.2.2
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.3
Xen Xen 4.2.4
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 3.4.0
436
VMScore
CVE-2017-14431
Memory leak in Xen 3.3 up to and including 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no pass-through device was ever assigned, aka XSA-207.
Xen Xen 3.3.0
Xen Xen 3.3.1
Xen Xen 3.3.2
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.2.5
Xen Xen 4.3.0
Xen Xen 4.4.1
Xen Xen 4.4.2
Xen Xen 4.5.5
Xen Xen 4.6.0
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.6
Xen Xen 4.1.6.1
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.4.3
258
VMScore
CVE-2015-3340
Xen 4.2.x up to and including 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.3.3
Xen Xen 4.3.4
Xen Xen 4.5.0
Xen Xen 4.2.3
Xen Xen 4.2.4
Xen Xen 4.4.0
Xen Xen 4.2.0
Xen Xen 4.3.1
Xen Xen 4.3.2
Xen Xen 4.4.2
Xen Xen 4.4.1
Xen Xen 4.2.5
Xen Xen 4.3.0
Suse Suse Linux Enterprise Server 11.0
Suse Suse Linux Enterprise Software Development Kit 11.0
Suse Suse Linux Enterprise Desktop 11.0
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Debian Debian Linux 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »