Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen vulnerabilities and exploits
(subscribe to this query)
7.4
CVSSv2
CVE-2013-2211
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.1.0
Xen Xen 4.1.5
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.0.3
Xen Xen 4.0.4
4.3
CVSSv2
CVE-2013-2076
Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determine portions of the state of floating point instructions of other domains, which c...
Xen Xen 4.0.4
Xen Xen 4.0.2
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.0.3
Xen Xen 4.2.2
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.1.5
Xen Xen 4.1.2
Xen Xen 4.1.1
Xen Xen 4.1.0
Xen Xen 4.1.3
Xen Xen 4.1.4
5.2
CVSSv2
CVE-2013-2077
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 4.0.0
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.1.0
Xen Xen 4.1.5
Xen Xen 4.2.2
Xen Xen 4.2.0
Xen Xen 4.2.1
6.7
CVSSv2
CVE-2014-3124
The HVMOP_set_mem_type control in Xen 4.1 up to and including 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations f...
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.1.6.1
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.1.4
Xen Xen 4.1.5
Xen Xen 4.4.0
Xen Xen 4.1.0
Xen Xen 4.1.1
5
CVSSv2
CVE-2015-8555
Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and previous versions do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vect...
Citrix Xenserver 6.0
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.6.0
Xen Xen 4.3.4
Xen Xen 4.3.3
Xen Xen 4.4.1
Xen Xen 4.4.0
Xen Xen 4.3.2
Xen Xen 4.3.1
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.3.0
Xen Xen 4.4.4
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.6.1
1.9
CVSSv2
CVE-2013-1952
Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, does not properly check the source when accessing a bridge device's interrupt remapping table entries for MSI interrupts, which allows local guest domains to cause a denial of service (interrupt injection...
Xen Xen 4.1.1
Xen Xen 4.0.2
Xen Xen 4.0.1
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.0.0
Xen Xen 4.1.4
Xen Xen 4.2.1
Xen Xen 4.1.3
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.0.4
Xen Xen 4.0.3
5
CVSSv2
CVE-2017-10916
The vCPU context-switch implementation in Xen up to and including 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.
Xen Xen 4.6.0
Xen Xen 4.6.1
Xen Xen 4.5.3
Xen Xen 4.5.5
Xen Xen 4.8.1
Xen Xen 4.5.0
Xen Xen 4.6.2
Xen Xen 4.6.4
Xen Xen 4.6.5
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.7.1
Xen Xen 4.8.0
5.2
CVSSv2
CVE-2013-4416
The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
Xen Xen 4.1.2
Xen Xen 4.1.3
Xen Xen 4.2.3
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.2.1
Xen Xen 4.2.2
Xen Xen 4.1.6.1
Xen Xen 4.2.0
Xen Xen 4.1.4
Xen Xen 4.1.5
4.7
CVSSv2
CVE-2013-2078
Xen 4.0.2 up to and including 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction.
Xen Xen 4.2.0
Xen Xen 4.1.5
Xen Xen 4.0.3
Xen Xen 4.0.2
Xen Xen 4.2.2
Xen Xen 4.1.4
Xen Xen 4.1.3
Xen Xen 4.2.1
Xen Xen 4.1.0
Xen Xen 4.0.4
Xen Xen 4.1.2
Xen Xen 4.1.1
4.7
CVSSv2
CVE-2012-6333
Multiple HVM control operations in Xen 3.4 up to and including 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 3.4.0
Xen Xen 3.4.1
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 3.4.4
Xen Xen 4.0.0
Xen Xen 4.0.1
Xen Xen 4.0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »