Xen

Xen

483 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2022-40982

Exploit
  • EPSS 0.85%
  • Veröffentlicht 11.08.2023 03:15:14
  • Zuletzt bearbeitet 21.11.2024 07:22:21

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5

CVE-2023-20588

  • EPSS 6.11%
  • Veröffentlicht 08.08.2023 18:15:11
  • Zuletzt bearbeitet 21.11.2024 07:41:10

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

5.5

CVE-2023-20593

Exploit
  • EPSS 5.88%
  • Veröffentlicht 24.07.2023 20:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:01

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

8.8

CVE-2022-4949

Exploit
  • EPSS 6.27%
  • Veröffentlicht 07.06.2023 02:15:15
  • Zuletzt bearbeitet 21.11.2024 07:36:18

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ ...

3.3

CVE-2022-42336

  • EPSS 0.05%
  • Veröffentlicht 17.05.2023 01:15:09
  • Zuletzt bearbeitet 22.01.2025 20:15:29

Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was ...

7.8

CVE-2022-42335

  • EPSS 0.07%
  • Veröffentlicht 25.04.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the...

8.6

CVE-2022-42333

  • EPSS 0.42%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an ...

6.5

CVE-2022-42334

  • EPSS 0.05%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an ...

5.5

CVE-2022-42331

  • EPSS 0.05%
  • Veröffentlicht 21.03.2023 13:15:11
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RE...

7.8

CVE-2022-42332

  • EPSS 0.04%
  • Veröffentlicht 21.03.2023 13:15:11
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory...