Xen

Xen

491 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 5.79%
  • Veröffentlicht 24.07.2023 20:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:01

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.

Exploit
  • EPSS 2.2%
  • Veröffentlicht 07.06.2023 02:15:15
  • Zuletzt bearbeitet 08.04.2026 19:17:58

The AdSanity plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_upload' function in versions up to, and including, 1.8.1. This makes it possible for authenticated attackers with Contributor+ ...

  • EPSS 0.26%
  • Veröffentlicht 17.05.2023 01:15:09
  • Zuletzt bearbeitet 22.01.2025 20:15:29

Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was ...

  • EPSS 0.26%
  • Veröffentlicht 25.04.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the...

  • EPSS 1.19%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an ...

  • EPSS 0.27%
  • Veröffentlicht 21.03.2023 13:15:12
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an ...

  • EPSS 0.27%
  • Veröffentlicht 21.03.2023 13:15:11
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RE...

  • EPSS 0.27%
  • Veröffentlicht 21.03.2023 13:15:11
  • Zuletzt bearbeitet 21.11.2024 07:24:46

x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory...

  • EPSS 1.36%
  • Veröffentlicht 26.01.2023 21:16:47
  • Zuletzt bearbeitet 21.11.2024 07:24:45

Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash ...

  • EPSS 0.59%
  • Veröffentlicht 09.11.2022 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:49:19

IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure.