Xen Security Vulnerabilities and Issues — Xen CVE List

Lucene search

Xensource IncXen

6 matches found

CVE•added 2007/11/09 7:46 p.m.•64 views

CVE-2007-5907

Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash).

4.7CVSS5.2AI score0.0006EPSS

CVE•added 2007/10/28 5:8 p.m.•53 views

CVE-2007-3919

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

6CVSS6AI score0.00037EPSS

CVE•added 2007/09/27 5:17 p.m.•53 views

CVE-2007-4993

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

6.9CVSS6.6AI score0.00162EPSS

CVE•added 2007/11/09 7:46 p.m.•52 views

CVE-2007-5906

Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.

4.7CVSS6.2AI score0.00063EPSS

CVE•added 2007/12/04 12:46 a.m.•42 views

CVE-2007-6207

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.

2.1CVSS6.1AI score0.00087EPSS

CVE•added 2008/04/02 4:44 p.m.•38 views

CVE-2008-1619

The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool.

4.3CVSS6.1AI score0.00632EPSS