xensource_inc 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk input validation and パス処理の欠陥 に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact unexpected behavior and ファイル上書き などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-1619 | The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers to cause a denial of service (dom0 panic) via certain traffic, as demonstrated using an FTP stress test tool. | [email protected] | 4.3 | 0.63% | 2008-04-02 | 2026-04-23 |
| CVE-2007-6207 | Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. | [email protected] | 2.1 | 0.06% | 2007-12-04 | 2026-04-23 |
| CVE-2007-5907 | Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). | [email protected] | 4.7 | 0.06% | 2007-11-09 | 2026-04-23 |
| CVE-2007-5906 | Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. | [email protected] | 4.7 | 0.06% | 2007-11-09 | 2026-04-23 |
| CVE-2007-3919 | (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. | [email protected] | 6.0 | 0.04% | 2007-10-28 | 2026-04-23 |
| CVE-2007-4993 | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. | [email protected] | 6.9 | 0.26% | 2007-09-27 | 2026-04-23 |