Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xen vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2014-1950
Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen 4.1.x up to and including 4.3.x, when using a multithreaded toolstack, does not properly handle a failure by the xc_cpumap_alloc function, which allows local users with access to management functions to cause ...
Xen Xen 4.1.5
Xen Xen 4.1.6.1
Xen Xen 4.1.1
Xen Xen 4.1.2
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.1.3
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.2.1
490
VMScore
CVE-2011-2901
Off-by-one error in the __addr_ok macro in Xen 3.3 and previous versions allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
Xen Xen 3.2.0
Xen Xen 3.2.1
Xen Xen 3.0.4
Xen Xen
Xen Xen 3.2.2
Xen Xen 3.0.3
Xen Xen 3.2.3
Xen Xen 3.0.2
Xen Xen 3.1.4
Xen Xen 3.1.3
418
VMScore
CVE-2012-5511
Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 up to and including 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.
Xen Xen 3.4.0
Xen Xen 4.0.3
Xen Xen 4.0.4
Xen Xen 4.0.1
Xen Xen 4.0.2
Xen Xen 3.4.1
Xen Xen 3.4.2
Xen Xen 3.4.3
Xen Xen 4.1.0
Xen Xen 3.4.4
Xen Xen 4.0.0
169
VMScore
CVE-2012-3432
The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash...
Xen Xen 3.3.0
Xen Xen 4.1.1
Xen Xen 4.0.2
Xen Xen 4.0.1
Xen Xen 4.1.3
Xen Xen 4.1.2
Xen Xen 4.1.0
Xen Xen 4.2.0
Xen Xen 4.0.0
Xen Xen 4.0.4
Xen Xen 4.0.3
418
VMScore
CVE-2016-5242
The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x up to and including 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (NULL pointer dereference and host OS crash) by creating concurrent domains and holding references to them,...
Xen Xen 4.5.3
Xen Xen 4.5.2
Xen Xen 4.4.0
Xen Xen 4.5.1
Xen Xen 4.5.0
Xen Xen 4.4.4
Xen Xen 4.4.3
Xen Xen 4.4.2
Xen Xen 4.6.1
Xen Xen 4.6.0
Xen Xen 4.4.1
614
VMScore
CVE-2013-1964
Xen 4.0.x and 4.1.x incorrectly releases a grant reference when releasing a non-v1, non-transitive grant, which allows local guest administrators to cause a denial of service (host crash), obtain sensitive information, or possibly have other impacts via unspecified vectors.
Xen Xen 4.0.0
Xen Xen 4.1.1
Xen Xen 4.0.2
Xen Xen 4.0.1
Xen Xen 4.1.5
Xen Xen 4.0.4
Xen Xen 4.0.3
Xen Xen 4.1.2
Xen Xen 4.1.4
Xen Xen 4.1.0
Xen Xen 4.1.3
641
VMScore
CVE-2016-6258
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and previous versions allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
Xen Xen 4.7.0
Xen Xen 4.0.0
Xen Xen 4.1.3
Xen Xen 4.0.1
Xen Xen 4.0.4
Xen Xen 4.1.0
Xen Xen 4.1.1
Xen Xen 4.6.3
Xen Xen 4.6.1
Xen Xen 4.1.4
Xen Xen 4.3.0
Xen Xen 4.4.0
Xen Xen 4.5.0
Xen Xen 4.3.1
Xen Xen 4.1.2
Xen Xen 3.4.0
Xen Xen 3.4.2
Xen Xen 4.6.0
Xen Xen 4.1.5
Xen Xen 4.2.3
Xen Xen 4.2.2
Xen Xen 3.4.3
1 Article
463
VMScore
CVE-2014-1894
Multiple integer overflows in unspecified suboperations in the flask hypercall in Xen 3.2.x and previous versions, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1891, CVE-2014...
Xen Xen 3.0.2
Xen Xen 3.1.4
Xen Xen 3.0.4
Xen Xen 3.0.3
Xen Xen
Xen Xen 3.2.1
Xen Xen 3.2.2
Xen Xen 3.1.3
Xen Xen 3.2.0
436
VMScore
CVE-2015-4163
GNTTABOP_swap_grant_ref in Xen 4.2 up to and including 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hypercall without a GNTTABOP_setup_table or GNTTABOP_set_version.
Xen Xen 4.3.0
Xen Xen 4.3.1
Xen Xen 4.2.0
Xen Xen 4.2.1
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.3.4
Xen Xen 4.2.2
Xen Xen 4.2.3
Xen Xen 4.5.0
187
VMScore
CVE-2012-4539
Xen 4.0 up to and including 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infin...
Xen Xen 4.1.1
Xen Xen 4.1.0
Xen Xen 4.0.1
Xen Xen 4.0.0
Xen Xen 4.1.2
Xen Xen 4.0.4
Xen Xen 4.2.0
Xen Xen 4.1.3
Xen Xen 4.0.3
Xen Xen 4.0.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »