656 matches found
UBUNTU-CVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
UBUNTU-CVE-2021-28713
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
CVE-2021-28713
CVE-2021-28713 affects the hvc_xen (console) backend in Xen, where a malicious driver-domain can generate high-frequency events to exhaust guest interrupt handling and cause a Denial of Service. The initial entry notes three affected backends (blkfront CVE-2021-28711, netfront CVE-2021-28712, hvc...
CVE-2021-28713
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
CVE-2021-28713
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
CVE-2021-28712
The CVE-2021-28712 entry concerns Xen PV backends running in unprivileged driver domains. The root cause is that malicious driver domains can overwhelm guest interrupts by sending high-frequency events, causing Denial of Service. Three backends are affected: blkfront patch 1 (CVE-2021-28711), net...
CVE-2021-28712
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
CVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
CVE-2021-28711
Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "drive...
DEBIAN-CVE-2021-23727
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...
CVE-2021-23727 Stored Command Injection
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...
Rogue backends can cause DoS of guests via high frequency events
ISSUE DESCRIPTION Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as "driver domains". Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the...
py39-celery -- command injection vulnerability
Snyk reports: This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within ...
OESA-2021-1392 sane-backends security update
SANE Scanner Access Now Easy is a sane and simple interface to both local and networked scanners and other image acquisition devices like digital still and video cameras. Security Fixes: An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local...
Response Splitting from unsanitized headers
Impact http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names Header.nameå Header values Header.value Status reason phrases Status.reason URI paths Uri.Path URI authority registered names...
CVE-2021-32556
It was discovered that the getmodifiedconffiles function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg1 call...
CVE-2021-32556 apport get_modified_conffiles() function command injection
It was discovered that the getmodifiedconffiles function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg1 call...
SUSE: Security Advisory (SUSE-SU-2020:3065-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:0717-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : sane-backends (ELSA-2021-1744)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1744 advisory. 1.0.27-22 - related 1852663 - needed to rebuild due infrastructure error 1.0.27-21 - 1852663, 1848097 - NULL pointer dereference in saneiepsonnetread function...