cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2012-3498,https://securityvulnerability.io/vulnerability/CVE-2012-3498,,PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.,Citrix,"Xenserver,Xen",,,0.0006399999838322401,false,false,false,false,,false,false,2012-11-23T20:00:00.000Z,0
CVE-2012-3516,https://securityvulnerability.io/vulnerability/CVE-2012-3516,,The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.,Citrix,"Xenserver,Xen",,,0.0006200000061653554,false,false,false,false,,false,false,2012-11-23T20:00:00.000Z,0
CVE-2012-3496,https://securityvulnerability.io/vulnerability/CVE-2012-3496,,"XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.",Citrix,"Xenserver,Xen",,,0.0006399999838322401,false,false,false,false,,false,false,2012-11-23T20:00:00.000Z,0
CVE-2011-3262,https://securityvulnerability.io/vulnerability/CVE-2011-3262,,"tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to ""Lack of error checking in the decompression loop.""",Citrix,Xen,,,0.0004199999966658652,false,false,false,false,,false,false,2011-08-19T20:00:00.000Z,0
CVE-2011-1898,https://securityvulnerability.io/vulnerability/CVE-2011-1898,,"Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by ""using DMA to generate MSI interrupts by writing to the interrupt injection registers.""",Citrix,Xen,,,0.0006699999794363976,false,false,false,false,,false,false,2011-08-12T18:00:00.000Z,0
CVE-2011-1583,https://securityvulnerability.io/vulnerability/CVE-2011-1583,,"Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.",Citrix,Xen,,,0.0004199999966658652,false,false,false,false,,false,false,2011-08-12T18:00:00.000Z,0
CVE-2010-4255,https://securityvulnerability.io/vulnerability/CVE-2010-4255,,"The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.",Citrix,Xen,,,0.00203000009059906,false,false,false,false,,false,false,2011-01-25T00:00:00.000Z,0
CVE-2010-4238,https://securityvulnerability.io/vulnerability/CVE-2010-4238,,"The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver.  NOTE: some of these details are obtained from third party information.",Citrix,Xen,,,0.0008999999845400453,false,false,false,false,,false,false,2011-01-22T21:00:00.000Z,0
CVE-2010-4247,https://securityvulnerability.io/vulnerability/CVE-2010-4247,,"The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers.  NOTE: some of these details are obtained from third party information.",Citrix,Xen,,,0.0006399999838322401,false,false,false,false,,false,false,2011-01-11T01:00:00.000Z,0
CVE-2010-3699,https://securityvulnerability.io/vulnerability/CVE-2010-3699,,"The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.",Citrix,Xen,,,0.0006399999838322401,false,false,false,false,,false,false,2010-12-08T19:00:00.000Z,0
CVE-2008-5716,https://securityvulnerability.io/vulnerability/CVE-2008-5716,,"xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid.  NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.",Citrix,Xen,,,0.0006200000061653554,false,false,false,false,,false,false,2008-12-24T17:00:00.000Z,0
CVE-2008-4405,https://securityvulnerability.io/vulnerability/CVE-2008-4405,,"xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid.  NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.",Citrix,Xen,,,0.0008500000112690032,false,false,false,false,,false,false,2008-10-03T17:18:00.000Z,0