Lucene search
K

41 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.6 views

SUSE CVE-2022-1158

A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...

7.4CVSS6.4AI score0.00394EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2022/11/29 2:5 p.m.4 views

kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region

A flaw was found in KVM. When updating a guest's page table entry, vmpgoff was improperly used as the offset to get the page's pfn. As vaddr and vmpgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and...

7.8CVSS6.6AI score0.00394EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2022/06/09 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-5467-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.0124EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2022/05/09 12:0 a.m.29 views

NewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2022-0075)

The remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMINFINITY and 1 Gigabyte of memory is allocated the maxim...

9.8CVSS7.2AI score0.06652EPSS
Exploits11References37
OSV
OSV
added 2021/11/10 5:15 p.m.5 views

CVE-2021-40517

Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access...

5.4CVSS6.1AI score0.0051EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/11/20 12:0 a.m.48 views

Fedora 31 : xen (2020-6dd36a716c)

revised patch for XSA-286 mitigating performance impact ---- x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286, CVE-2020-27674 1891092 ---- x86: Race condition in Xen mapping code XSA-345 undue deferral of IOMMU TLB flushes XSA-346 unsafe AMD IOMMU page table updates XSA-347 No...

7.8CVSS6.7AI score0.00353EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/11/06 12:0 a.m.37 views

openSUSE Security Update : xen (openSUSE-2020-1844)

This update for xen fixes the following issues : - bsc1177409 - VUL-0: CVE-2020-27673: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries XSA-286 - bsc1177412 - VUL-0: CVE-2020-27672: xen: Race condition in Xen mapping code XSA-345 - bsc1177413 - VUL-0: CVE-2020-27671: xen: undue...

7.8CVSS6.3AI score0.0041EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2020/10/23 7:5 p.m.27 views

CVE-2020-27670

A flaw was found in Xen in the AMD IOMMU page table updates. This flaw allows a malicious guest to cause a denial of service, host data corruption, or potential privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8CVSS3.3AI score0.00251EPSS
Exploits0References4
Mageia
Mageia
added 2019/12/25 10:57 p.m.83 views

Updated microcode packages fix security vulnerabilities

NOTE! This is a refresh of the 20191112 security update we released as MGASA-2019-0334. This update provides the Intel 20191115 microcode release that adds more microcode side fixes and mitigations for the Core Gen 6 to Core gen 10, some Xeon E series, adressing at least the following security...

6.5CVSS1.9AI score0.03133EPSS
Exploits0References8
CNVD
CNVD
added 2019/12/12 12:0 a.m.2 views

Xen elevation of privilege vulnerability (CNVD-2020-07296)

Xen is an open source virtual machine monitor product. An elevation of privilege vulnerability exists in Xen 4.12. and earlier versions. The vulnerability stems from a race condition in page table upgrade and downgrade operations. An attacker could exploit this vulnerability to gain privileges on...

6.6CVSS9.3AI score0.01187EPSS
Exploits0References1
OSV
OSV
added 2019/11/19 9:16 p.m.14 views

MGASA-2019-0333 Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 5.3.11 and fixes at least the following security issues: Insufficient access control in a subsystem for Intel R processor graphics may allow an authenticated user to potentially enable escalation of privilege via local access CVE-2019-0155. A...

8.8CVSS8.1AI score0.04521EPSS
Exploits8References16
Mageia
Mageia
added 2019/11/19 9:16 p.m.64 views

Updated microcode packages fix security vulnerabilities

This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and a...

6.5CVSS2.3AI score0.03133EPSS
Exploits0References7
OSV
OSV
added 2019/11/14 8:15 p.m.28 views

CVE-2018-12207

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

6.5CVSS4.4AI score
Exploits0References16
OSV
OSV
added 2019/11/14 8:15 p.m.2 views

ALPINE-CVE-2018-12207

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

6.5CVSS6.4AI score0.00915EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/14 7:8 p.m.25 views

CVE-2018-12207

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

7.1AI score0.00915EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2019/11/14 7:8 p.m.29 views

CVE-2018-12207

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

6.5CVSS7.1AI score0.00915EPSS
Exploits0
OSV
OSV
added 2019/11/12 6:0 p.m.4 views

UBUNTU-CVE-2018-12207

Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to potentially enable denial of service of the host system via local access...

6.5CVSS6.8AI score0.00915EPSS
Exploits0References12
CNVD
CNVD
added 2019/10/08 12:0 a.m.3 views

Xen Denial of Service Vulnerability (CNVD-2019-34760)

Xen is an open source virtual machine monitor product. Xen has a denial of service vulnerability that can be exploited by an x86 PV client OS attacker to cause a denial of service via a long-running operation used to support the rebootability of PTE updates...

6.5CVSS8.6AI score0.0035EPSS
Exploits0References1
OSV
OSV
added 2016/01/22 3:59 p.m.6 views

CVE-2016-1570

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier MFN to the 1 MMUEXTMARKSUPER or 2...

8.5CVSS8.9AI score0.01153EPSS
Exploits0References3
OSV
OSV
added 2016/01/22 3:59 p.m.2 views

DEBIAN-CVE-2016-1570

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier MFN to the 1 MMUEXTMARKSUPER or 2...

8.5CVSS8.4AI score0.01153EPSS
Exploits0References1
Rows per page
Query Builder