- EPSS 0.27%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is norma...
CVE-2022-42321
- EPSS 0.27%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xen...
CVE-2022-42322
- EPSS 0.28%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a ...
CVE-2022-42323
- EPSS 0.28%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:45
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a ...
CVE-2022-40617
- EPSS 1.63%
- Veröffentlicht 31.10.2022 06:15:09
- Zuletzt bearbeitet 06.05.2025 19:15:56
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control...
CVE-2022-41974
- EPSS 0.61%
- Veröffentlicht 29.10.2022 19:15:10
- Zuletzt bearbeitet 21.11.2024 07:24:11
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multip...
CVE-2022-41973
- EPSS 0.66%
- Veröffentlicht 29.10.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:24:11
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which...
CVE-2022-39286
- EPSS 1.06%
- Veröffentlicht 26.10.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 07:17:57
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD...
CVE-2022-39348
- EPSS 1.16%
- Veröffentlicht 26.10.2022 20:15:10
- Zuletzt bearbeitet 03.11.2025 22:15:59
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header une...
CVE-2022-3705
- EPSS 1.2%
- Veröffentlicht 26.10.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 07:20:04
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remo...