35 matches found

OSV · added 2021/12/07 12:15 p.m. · 1 views

ALPINE-CVE-2021-28703

grant table v2 status pages may remain accessible after de-allocation take two Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated whe...

7 CVSS · 6.9 AI score · 0.00113 EPSS
Exploits 0 · References 1

OSV · added 2021/12/07 12:15 p.m. · 1 views

DEBIAN-CVE-2021-28703

grant table v2 status pages may remain accessible after de-allocation take two Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated whe...

7 CVSS · 7.1 AI score · 0.00113 EPSS
Exploits 0 · References 1

OSV · added 2021/12/07 12:15 p.m. · 0 views

UBUNTU-CVE-2021-28703

grant table v2 status pages may remain accessible after de-allocation take two Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated whe...

7 CVSS · 7.1 AI score · 0.00113 EPSS
Exploits 0 · References 3

AlpineLinux · added 2021/12/07 12:15 p.m. · 24 views

CVE-2021-28703

grant table v2 status pages may remain accessible after de-allocation take two Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated whe...

7 CVSS · 0.4 AI score · 0.00113 EPSS
Exploits 0

Positive Technologies · added 2021/12/01 12:0 a.m. · 1 views

PT-2021-17907 · Xen +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.14 Description: The issue arises when grant table v2 status pages are de-allocated as a guest switches back from v2 to v1, potentially allowing a guest to retain access to a page that was freed and perhaps re-used for...

8.6 CVSS · 6.4 AI score · 0.00477 EPSS
Exploits 0 · References 80

Tenable Nessus · added 2021/09/04 12:0 a.m. · 43 views

openSUSE 15 Security Update : xen (openSUSE-SU-2021:2923-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2923-1 advisory. - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via...

7.8 CVSS · 6.2 AI score · 0.02126 EPSS
Exploits 0 · References 41

OSV · added 2021/08/27 7:15 p.m. · 1 views

DEBIAN-CVE-2021-28697

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...

7.8 CVSS · 7.4 AI score · 0.00059 EPSS
Exploits 0 · References 1

Prion · added 2021/08/27 7:15 p.m. · 20 views

Design/Logic Flaw

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...

4.6 CVSS · 7.5 AI score · 0.00059 EPSS
Exploits 0 · References 6 · Affected Software 3

OSV · added 2021/08/27 7:15 p.m. · 0 views

UBUNTU-CVE-2021-28697

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...

7.8 CVSS · 5.8 AI score · 0.00059 EPSS
Exploits 0 · References 3

ATTACKERKB · added 2021/08/27 7:15 p.m. · 2 views

CVE-2021-28697

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...

7.8 CVSS · 5.5 AI score · 0.00059 EPSS
Exploits 0 · References 10 · Affected Software 1

CVE · added 2021/08/27 6:37 p.m. · 153 views

CVE-2021-28697

CVE-2021-28697 concerns Xen grant table v2 status pages: race conditions in freeing/deallocation of grant-table pages can allow a guest to retain access to a memory page after it has been freed, potentially enabling memory access after switches between v2 and v1. The issue is caused by racing gue...

7.8 CVSS · 7.5 AI score · 0.00059 EPSS
Exploits 0 · References 6 · Affected Software 1

UbuntuCve · added 2021/08/27 12:0 a.m. · 26 views

CVE-2021-28697

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...

7.8 CVSS · 7.1 AI score · 0.00059 EPSS
Exploits 0 · References 2

OSV · added 2021/04/22 11:1 p.m. · 0 views

USN-4925-1 shibboleth-sp vulnerability

Toni Huttunen and Fraktal Oy discovered that the Shibboleth Service provider allowed content injection due to allowing attacker-controlled parameters in error or other status pages. An attacker could use this to inject malicious content...

5.3 CVSS · 6 AI score · 0.00488 EPSS
Exploits 0 · References 2

Prion · added 2019/06/11 2:29 p.m. · 10 views

Cross site scripting

A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...

3.5 CVSS · 5.2 AI score · 0.00055 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD · added 2015/02/10 12:0 a.m. · 2 views

fli4l cross-site scripting vulnerability

fli4l is a Linux-based ISDN, DSL and Ethernet router product developed by the fli4l team, which can be configured via ASCII files and supports multiple connection methods, displaying and calculating connection times and costs, monitoring traffic and monitoring ISDN calls. A cross-site scripting...

4.3 CVSS · 6.5 AI score · 0.004 EPSS
Exploits 0 · References 1