Xen

Source repositories

https://github.com/xen-project/xen

CVEs (479)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2018-12892	Xen Xen	Cri	0.65	9.9	0.03	Jul 2, 2018	An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to…
CVE-2017-10921	Xen Xen	Cri	0.65	10.0	0.03	Jul 5, 2017	The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka…
CVE-2017-10920	Xen Xen	Cri	0.65	10.0	0.03	Jul 5, 2017	The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged…
CVE-2017-10918	Xen Xen	Cri	0.65	10.0	0.04	Jul 5, 2017	Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
CVE-2017-10912	Xen Xen	Cri	0.65	10.0	0.03	Jul 5, 2017	Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
CVE-2017-10913	Xen Xen	Cri	0.64	9.8	0.03	Jul 5, 2017	The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.
CVE-2017-15595	Xen Xen	Hig	0.60	8.8	0.02	Oct 18, 2017	An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15597	Xen Xen	Cri	0.59	9.1	0.03	Oct 30, 2017	An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a…
CVE-2017-10917	Xen Xen	Cri	0.59	9.1	0.03	Jul 5, 2017	Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
CVE-2017-10915	Xen Xen	Cri	0.59	9.0	0.02	Jul 5, 2017	The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
CVE-2022-4949	Adsanityplugin Adsanity	Hig	0.58	8.8	0.02	Jun 7, 2023	The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload…
CVE-2015-8104	Xen Xen	Cri	0.58	10.0	0.03	Nov 16, 2015	The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CVE-2018-10982	Xen Xen	Hig	0.57	8.8	0.00	May 10, 2018	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in…
CVE-2018-7541	Xen Xen	Hig	0.57	8.8	0.00	Feb 27, 2018	An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
CVE-2017-17045	Xen Xen	Hig	0.57	8.8	0.00	Nov 28, 2017	An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M)…
CVE-2017-15594	Xen Xen	Hig	0.57	8.8	0.00	Oct 18, 2017	An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15592	Xen Xen	Hig	0.57	8.8	0.00	Oct 18, 2017	An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15590	Xen Xen	Hig	0.57	8.8	0.00	Oct 18, 2017	An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2015-7504	QEMU Qemu	Hig	0.57	8.8	0.01	Oct 16, 2017	Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVE-2017-14319	Xen Xen	Hig	0.57	8.8	0.00	Sep 12, 2017	A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly,…

CVE-2018-12892CriJul 2, 2018
Xen
Xen
risk 0.65cvss 9.9epss 0.03
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or (in some situations) users may be able to write to…
CVE-2017-10921CriJul 5, 2017
Xen
Xen
risk 0.65cvss 10.0epss 0.03
The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka…
CVE-2017-10920CriJul 5, 2017
Xen
Xen
risk 0.65cvss 10.0epss 0.03
The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged…
CVE-2017-10918CriJul 5, 2017
Xen
Xen
risk 0.65cvss 10.0epss 0.04
Xen through 4.8.x does not validate memory allocations during certain P2M operations, which allows guest OS users to obtain privileged host OS access, aka XSA-222.
CVE-2017-10912CriJul 5, 2017
Xen
Xen
risk 0.65cvss 10.0epss 0.03
Xen through 4.8.x mishandles page transfer, which allows guest OS users to obtain privileged host OS access, aka XSA-217.
CVE-2017-10913CriJul 5, 2017
Xen
Xen
risk 0.64cvss 9.8epss 0.03
The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1.
CVE-2017-15595HigOct 18, 2017
Xen
Xen
risk 0.60cvss 8.8epss 0.02
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
CVE-2017-15597CriOct 30, 2017
Xen
Xen
risk 0.59cvss 9.1epss 0.03
An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a…
CVE-2017-10917CriJul 5, 2017
Xen
Xen
risk 0.59cvss 9.1epss 0.03
Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
CVE-2017-10915CriJul 5, 2017
Xen
Xen
risk 0.59cvss 9.0epss 0.02
The shadow-paging feature in Xen through 4.8.x mismanages page references and consequently introduces a race condition, which allows guest OS users to obtain Xen privileges, aka XSA-219.
CVE-2022-4949HigJun 7, 2023
Adsanityplugin
Adsanity
risk 0.58cvss 8.8epss 0.02
The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ level privileges to upload…
CVE-2015-8104CriNov 16, 2015
Xen
Xen
risk 0.58cvss 10.0epss 0.03
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CVE-2018-10982HigMay 10, 2018
Xen
Xen
risk 0.57cvss 8.8epss 0.00
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in…
CVE-2018-7541HigFeb 27, 2018
Xen
Xen
risk 0.57cvss 8.8epss 0.00
An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1.
CVE-2017-17045HigNov 28, 2017
Xen
Xen
risk 0.57cvss 8.8epss 0.00
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M)…
CVE-2017-15594HigOct 18, 2017
Xen
Xen
risk 0.57cvss 8.8epss 0.00
An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest OS users to cause a denial of service (hypervisor crash) or gain privileges because IDT settings are mishandled during CPU hotplugging.
CVE-2017-15592HigOct 18, 2017
Xen
Xen
risk 0.57cvss 8.8epss 0.00
An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.
CVE-2017-15590HigOct 18, 2017
Xen
Xen
risk 0.57cvss 8.8epss 0.00
An issue was discovered in Xen through 4.9.x allowing x86 guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because MSI mapping was mishandled.
CVE-2015-7504HigOct 16, 2017
QEMU
Qemu
risk 0.57cvss 8.8epss 0.01
Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.
CVE-2017-14319HigSep 12, 2017
Xen
Xen
risk 0.57cvss 8.8epss 0.00
A grant unmapping issue was discovered in Xen through 4.9.x. When removing or replacing a grant mapping, the x86 PV specific path needs to make sure page table entries remain in sync with other accounting done. Although the identity of the page frame was validated correctly,…

Page 1 of 24