Xen

Xen

479 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2023-34326

  • EPSS 0.07%
  • Veröffentlicht 05.01.2024 17:15:08
  • Zuletzt bearbeitet 04.11.2025 20:16:31

The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed...

5.5

CVE-2023-34327

  • EPSS 0.07%
  • Veröffentlicht 05.01.2024 17:15:08
  • Zuletzt bearbeitet 04.11.2025 20:16:31

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions....

5.5

CVE-2023-34328

  • EPSS 0.07%
  • Veröffentlicht 05.01.2024 17:15:08
  • Zuletzt bearbeitet 04.11.2025 20:16:31

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions....

5.5

CVE-2023-34320

  • EPSS 0.07%
  • Veröffentlicht 08.12.2023 21:15:07
  • Zuletzt bearbeitet 04.11.2025 20:16:30

Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read...

6.7

CVE-2023-4949

  • EPSS 0.04%
  • Veröffentlicht 10.11.2023 17:15:07
  • Zuletzt bearbeitet 21.11.2024 08:36:19

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.

7.8

CVE-2023-34319

  • EPSS 0.01%
  • Veröffentlicht 22.09.2023 14:15:45
  • Zuletzt bearbeitet 04.11.2025 20:16:29

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of ...

6.5

CVE-2022-40982

Exploit
  • EPSS 0.68%
  • Veröffentlicht 11.08.2023 03:15:14
  • Zuletzt bearbeitet 21.11.2024 07:22:21

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5

CVE-2023-20588

  • EPSS 7.78%
  • Veröffentlicht 08.08.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:41:10

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

5.5

CVE-2023-20593

Exploit
  • EPSS 6.32%
  • Veröffentlicht 24.07.2023 20:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:01

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

8.8

CVE-2022-4949

Exploit
  • EPSS 6.27%
  • Veröffentlicht 07.06.2023 02:15:15
  • Zuletzt bearbeitet 21.11.2024 07:36:18

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ ...