Page 84 of 703 results (0.019 seconds)

CVSS: 6.1EPSS: 0%CPEs: 25EXPL: 0

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de los búferes compartidos multinúcleo en algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente la divulgación de información por medio del acceso local A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to enable information disclosure via local access. • http://www.openwall.com/lists/oss-security/2022/06/16/1 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHTEW3RXU2GW6S3RCPQG4VNCZGI3TOSV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MCVOMHBQRH4KP7IN6U24CW7F2D2L5KBS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://lists.fedoraproject.org/archives& • CWE-459: Incomplete Cleanup •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. • https://github.com/sparklemotion/mechanize/commit/c7fe6996a5b95f9880653ba3bc548a8d4ef72317 https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OKZMR5O3T5HQ2V737TC7IU4WZRT2LGX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OA2FJROTX2U6EBWDPKRQ2VAM67A5TQXF • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. x86 pv: Una condición de carrera en la adquisición de typeref Xen mantiene un recuento de referencias de tipo para las páginas, además de un recuento de referencias regular. Este esquema es usado para mantener invariantes requeridos para la seguridad de Xen, por ejemplo, los huéspedes PV no pueden tener acceso directo de escritura a las tablas de páginas; las actualizaciones necesitan ser auditadas por Xen. • http://packetstormsecurity.com/files/167718/Xen-TLB-Flush-Bypass.html http://www.openwall.com/lists/oss-security/2022/06/09/3 http://xenbits.xen.org/xsa/advisory-401.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://security.gentoo.org/glsa/202208-23 https://www.debian.org/security/2022/dsa-5184 http • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 1

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. • http://packetstormsecurity.com/files/167710/Xen-PV-Guest-Non-SELFSNOOP-CPU-Memory-Corruption.html http://www.openwall.com/lists/oss-security/2022/06/09/4 http://xenbits.xen.org/xsa/advisory-402.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://security.gentoo.org/glsa/202208-23 https://www.debian.org/s •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. • http://www.openwall.com/lists/oss-security/2022/06/09/4 http://xenbits.xen.org/xsa/advisory-402.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OH65U6FTTB5MLH5A6Q3TW7KVCGOG4MYI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q https://security.gentoo.org/glsa/202208-23 https://www.debian.org/security/2022/dsa-5184 https://xenbits.xenproject.org/xsa/advisory-402.txt •