Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-38404

Malicious code in bioql PyPI...

5.5CVSS5.4AI score0.00256EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-34323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting i...

5.5CVSS6AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2024/01/05 5:15 p.m.10 views

CVE-2023-34323

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...

5.5CVSS6.3AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2024/01/05 5:15 p.m.18 views

CVE-2023-34323

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...

5.5CVSS7AI score
Exploits0References2
Prion
Prion
added 2024/01/05 5:15 p.m.25 views

Default credentials

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...

1.7CVSS6.8AI score0.00256EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/05 4:30 p.m.3 views

CVE-2023-34323 xenstored: A transaction conflict can crash C Xenstored

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...

7.1AI score0.00256EPSS
Exploits0References1
CVE
CVE
added 2024/01/05 4:30 p.m.86 views

CVE-2023-34323

CVE-2023-34323 affects the Xen stored component (C Xenstored). The issue arises when a transaction is committed: quota is checked, but some builds assume quota cannot be negative and use assert(), causing a crash if -DNDEBUG is not defined. Public details label the impact as local, with low privi...

5.5CVSS6.1AI score0.00256EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2023/11/30 8:56 p.m.24 views

NULL Pointer Dereference

xen is vulnerable to NULL Pointer Dereference. The vulnerability is due to the incorrect assumption in C Xenstored that the quota cannot be negative. This leads to a crash when accounting temporarily goes negative, as assert checks fail when tools are built with default settings, which do not...

5.5CVSS6.5AI score0.00256EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/26 12:0 a.m.33 views

Fedora 37 : xen (2023-881672fdab)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-881672fdab advisory. xenstored: A transaction conflict can crash C Xenstored XSA-440, CVE-2023-34323 x86/AMD: missing IOMMU TLB flushing XSA-442, CVE-2023-34326 Multiple...

7.8CVSS6.2AI score0.00289EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/10/25 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2023:4185-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6AI score0.00289EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/10/12 12:0 a.m.27 views

Xen: A transaction conflict can crash C Xenstored (XSA-440)

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming th...

5.5CVSS5.5AI score0.00256EPSS
Exploits0References2
Xen Project
Xen Project
added 2023/10/10 12:0 p.m.61 views

xenstored: A transaction conflict can crash C Xenstored

ISSUE DESCRIPTION When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstor...

5.5CVSS6.8AI score0.00256EPSS
Exploits0
Xen Project
Xen Project
added 2023/01/25 2:56 p.m.56 views

Guests can cause Xenstore crash via soft reset

ISSUE DESCRIPTION When a guest issues a "Soft Reset" e.g. for performing a kexec the libxl based Xen toolstack will normally perform a XSRELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XSRELEASE will have the same impact. IMPACT A...

7.5CVSS1.3AI score0.01362EPSS
Exploits0
OSV
OSV
added 2020/12/15 6:15 p.m.2 views

DEBIAN-CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS6AI score0.00385EPSS
Exploits0References1
Prion
Prion
added 2020/12/15 6:15 p.m.19 views

Information disclosure

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XSRESETWATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...

4.9CVSS5.8AI score0.004EPSS
Exploits0References4Affected Software3
OSV
OSV
added 2020/12/15 6:15 p.m.1 views

UBUNTU-CVE-2020-29485

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XSRESETWATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...

5.5CVSS6AI score0.004EPSS
Exploits0References5
OSV
OSV
added 2020/12/15 6:15 p.m.4 views

UBUNTU-CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS5.9AI score0.00385EPSS
Exploits0References3
CVE
CVE
added 2020/12/15 5:26 p.m.76 views

CVE-2020-29485

CVE-2020-29485 concerns Xen 4.6–4.14.x where, on XS_RESET_WATCHES, Xenstored’s tracking information is not fully freed in the Ocaml Xenstored implementation, allowing unbounded memory growth and a system-wide DoS. The vulnerability affects hosts using the Ocaml Xenstored; the C Xenstored implemen...

5.5CVSS6.4AI score0.004EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2020/12/15 5:14 p.m.45 views

CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS7AI score0.00385EPSS
Exploits0
Rows per page
Query Builder