CVE-2022-42317
- EPSS 0.25%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 05.05.2025 20:15:18
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of mem...
CVE-2022-42318
- EPSS 0.25%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 05.05.2025 17:18:18
Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of mem...
CVE-2022-42319
- EPSS 0.27%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completel...
- EPSS 0.27%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is norma...
CVE-2022-42321
- EPSS 0.27%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Guests can crash xenstored via exhausting the stack Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xen...
CVE-2022-42322
- EPSS 0.28%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:44
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a ...
CVE-2022-42323
- EPSS 0.28%
- Veröffentlicht 01.11.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:24:45
Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a ...
CVE-2022-40617
- EPSS 1.63%
- Veröffentlicht 31.10.2022 06:15:09
- Zuletzt bearbeitet 06.05.2025 19:15:56
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control...
CVE-2022-44020
- EPSS 0.22%
- Veröffentlicht 30.10.2022 00:15:10
- Zuletzt bearbeitet 07.05.2025 14:15:38
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsu...
CVE-2022-42915
- EPSS 2.93%
- Veröffentlicht 29.10.2022 20:15:09
- Zuletzt bearbeitet 07.05.2025 14:15:33
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol thro...