Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

xen xen 4.3.3 vulnerabilities and exploits

(subscribe to this query)
7.8
CVSSv2

CVE-2015-0361

Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.
Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.2.4Xen Xen 4.2.5Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.2Xen Xen 4.3.3Xen Xen 4.4.0Xen Xen 4.4.1
8.6
CVSSv3

CVE-2015-8555

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and previous versions do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vect...
Citrix Xenserver 6.0Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.2Xen Xen 4.3.3Xen Xen 4.3.4Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.4.2Xen Xen 4.4.3Xen Xen 4.4.4Xen Xen 4.5.0
6.7
CVSSv3

CVE-2016-4962

The libxl device-handling in Xen 4.6.x and previous versions allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
Oracle Vm Server 3.3Oracle Vm Server 3.4Xen Xen 4.3.0Xen Xen 4.3.1Xen Xen 4.3.2Xen Xen 4.3.3Xen Xen 4.3.4Xen Xen 4.4.0Xen Xen 4.4.1Xen Xen 4.4.2Xen Xen 4.4.3Xen Xen 4.4.4
3.6
CVSSv2

CVE-2015-7311

libxl in Xen 4.1.x up to and including 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.
Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6.1Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3Xen Xen 4.2.4
7.8
CVSSv2

CVE-2015-8341

The libxl toolstack library in Xen 4.1.x up to and including 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allows malicious users to cause a denial of service (memory and disk consu...
Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6Xen Xen 4.1.6.1Xen Xen 4.2.0Xen Xen 4.2.1Xen Xen 4.2.2Xen Xen 4.2.3
8.5
CVSSv3

CVE-2016-1570

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x up to and including 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the...
Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6Xen Xen 4.1.6.1Xen Xen 4.2.0Xen Xen 4.2.1
4.7
CVSSv3

CVE-2016-4963

The libxl device-handling in Xen up to and including 4.6.x allows local guest OS users with access to the driver domain to cause a denial of service (management tool confusion) by manipulating information in the backend directories in xenstore.
Xen Xen 4.0.0Xen Xen 4.0.1Xen Xen 4.0.2Xen Xen 4.0.3Xen Xen 4.0.4Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2Xen Xen 4.1.3Xen Xen 4.1.4Xen Xen 4.1.5Xen Xen 4.1.6
6.3
CVSSv3

CVE-2016-1571

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x up to and including 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID...
Citrix XenserverXen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4Xen Xen 4.1.0Xen Xen 4.1.1Xen Xen 4.1.2
4.7
CVSSv2

CVE-2015-8339

The memory_exchange function in common/memory.c in Xen 3.2.x up to and including 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
Xen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4
4.7
CVSSv2

CVE-2015-8340

The memory_exchange function in common/memory.c in Xen 3.2.x up to and including 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host crash) via unspecified vectors, related to XENMEM_exchange error handli...
Xen Xen 3.2.0Xen Xen 3.2.1Xen Xen 3.2.2Xen Xen 3.2.3Xen Xen 3.3.0Xen Xen 3.3.1Xen Xen 3.3.2Xen Xen 3.4.0Xen Xen 3.4.1Xen Xen 3.4.2Xen Xen 3.4.3Xen Xen 3.4.4
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-0998CVE-2025-26779unknownCVE-2025-1094CVE-2025-1336enituretechnologyunauthorizedCVE-2024-57970s2member prooliver pos – a woocommerce point of sale (pos)CVE-2024-40591race conditiondeserialization
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook