Shodan
Vulnerabilities
Vulnerable Software
Xen:  >> Xen  Security Vulnerabilities
CVE-2016-9817
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-27
CVE-2016-9818
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-27
CVE-2016-9377
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-02-22
CVE-2016-9378
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-02-22
CVE-2016-9384
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-02-22
CVE-2016-10013
Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-01-26
CVE-2016-10024
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
CVSS Score
6.0
EPSS Score
0.001
Published
2017-01-26
CVE-2016-10025
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-01-26
CVE-2016-9932
CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.
CVSS Score
3.3
EPSS Score
0.001
Published
2017-01-26
CVE-2016-9379
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
CVSS Score
7.9
EPSS Score
0.001
Published
2017-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved