Page 90 of 693 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction Xenstore: los invitados pueden dejar ejecutar xenstored sin memoria. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] Los invitados maliciosos pueden hacer que xenstored asigne grandes cantidades de memoria, lo que eventualmente resultará en una Denegación de Servicio (DoS) de xenstored. • http://xenbits.xen.org/xsa/advisory-326.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://www.debian.org/security/2022/dsa-5272 https://xenbits.xenproject.org/xsa/advisory-326.txt • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring. • http://www.openwall.com/lists/oss-security/2022/11/01/10 http://xenbits.xen.org/xsa/advisory-420.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://security.gentoo.org/glsa/202402-07 https:/ • CWE-681: Incorrect Conversion between Numeric Types •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service (DoS) of xenstored. There are multiple ways how guests can cause large memory allocations in xenstored: - - by issuing new requests to xenstored without reading the responses, causing the responses to be buffered in memory - - by causing large number of watch events to be generated via setting up multiple xenstore watches and then e.g. deleting many xenstore nodes below the watched path - - by creating as many nodes as allowed with the maximum allowed size and path length in as many transactions as possible - - by accessing many nodes inside a transaction Xenstore: los invitados pueden dejar ejecutar xenstored sin memoria. Este registro de información CNA se relaciona con múltiples CVE; el texto explica qué aspectos/vulnerabilidades corresponden a cada CVE.] Los invitados maliciosos pueden hacer que xenstored asigne grandes cantidades de memoria, lo que eventualmente resultará en una Denegación de Servicio (DoS) de xenstored. • http://xenbits.xen.org/xsa/advisory-326.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZVXG7OOOXCX6VIPEMLFDPIPUTFAYWPE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://www.debian.org/security/2022/dsa-5272 https://xenbits.xenproject.org/xsa/advisory-326.txt • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. x86: intercambio de memoria no deseado entre invitados En los sistemas Intel que admiten la función "virtualizar accesos APIC", un invitado puede leer y escribir la página xAPIC compartida global sacando el APIC local del modo xAPIC. El acceso a esta página compartida evita el aislamiento esperado que debería existir entre dos invitados. • http://www.openwall.com/lists/oss-security/2022/11/01/3 http://xenbits.xen.org/xsa/advisory-412.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTMITQBGC23MSDHUCAPCVGLMVXIBXQTQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLI2NPNEH7CNJO3VZGQNOI4M4EWLNKPZ https://security.gentoo.org/glsa/202402-07 https://xenbits.xenproject.org/xsa/advisory-412.txt •

CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0

A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Processing maliciously crafted web content may lead to arbitrary code execution. Se solucionó un problema de confusión de tipos mejorando el manejo de la memoria. Este problema se solucionó en tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 y iPadOS 16. • http://www.openwall.com/lists/oss-security/2022/11/04/4 https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5LF4LYP725XZ7RWOPFUV6DGPN4Q5DUU4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQKLEGJK3LHAKUQOLBHNR2DI3IUGLLTY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JOFKX6BUEJFECSVFV6P5INQCOYQBB4NZ https://security.gentoo.org/glsa/202 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •