Max CVSS 7.8 Min CVSS 1.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-8867 4.9
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) v
30-10-2018 - 16:27 01-12-2014 - 15:59
CVE-2014-9066 4.7
Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read
30-10-2018 - 16:27 09-12-2014 - 23:59
CVE-2014-9065 4.4
common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a dif
30-10-2018 - 16:27 09-12-2014 - 23:59
CVE-2014-8866 4.7
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vectors involving altering the high halves of register
30-10-2018 - 16:27 01-12-2014 - 15:59
CVE-2014-8594 5.4
The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointer dereference) by leveraging hardware emulation ser
30-10-2018 - 16:27 19-11-2014 - 18:59
CVE-2014-8595 1.9
arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJM
30-10-2018 - 16:27 19-11-2014 - 18:59
CVE-2014-9030 7.1
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an HVM guest and a crafted MMU_MACHPHYS_UPDATE.
30-10-2018 - 16:27 24-11-2014 - 15:59
CVE-2014-3967 5.5
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecif
30-10-2018 - 16:27 05-06-2014 - 20:55
CVE-2014-5146 4.7
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking thes
30-10-2018 - 16:27 22-08-2014 - 14:55
CVE-2013-3495 4.7
The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a Syst
30-10-2018 - 16:27 28-08-2013 - 21:55
CVE-2014-3968 5.5
The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.
30-10-2018 - 16:27 05-06-2014 - 20:55
CVE-2014-5149 4.7
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page a
30-10-2018 - 16:27 22-08-2014 - 14:55
CVE-2015-0361 7.8
Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use Aft
30-10-2018 - 16:27 07-01-2015 - 19:59
CVE-2015-2044 2.1
The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size.
30-10-2018 - 16:26 12-03-2015 - 14:59
CVE-2015-2752 4.9
The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host CPU consumption) via a crafted request to the devi
30-10-2018 - 16:26 01-04-2015 - 14:59
CVE-2015-2152 1.9
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY envi
30-10-2018 - 16:26 18-03-2015 - 16:59
CVE-2015-2756 4.9
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O
30-10-2018 - 16:26 01-04-2015 - 14:59
CVE-2015-2045 2.1
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
30-10-2018 - 16:26 12-03-2015 - 14:59
CVE-2015-2751 7.1
Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.
30-10-2018 - 16:26 01-04-2015 - 14:59
CVE-2013-2212 5.7
The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GF
22-12-2016 - 02:59 28-08-2013 - 21:55
Back to Top Mark selected
Back to Top