|
200911
|
9.1 |
CRITICAL
Network
|
icinga
|
icinga
|
Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-29663
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200912
|
7.5 |
HIGH
Network
|
xen
|
xapi
|
An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and da…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29487
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200913
|
5.5 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. Th…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2020-29485
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200914
|
6.2 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing …
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29570
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200915
|
6.0 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. However, node ownership has quota implications. Any guest can run an…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29486
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200916
|
6.0 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore …
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-29484
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200917
|
6.5 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connec…
|
CWE-416
Use After Free
|
CVE-2020-29483
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200918
|
6.5 |
MEDIUM
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is a…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2020-29568
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200919
|
6.0 |
MEDIUM
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID …
|
CWE-426
Untrusted Search Path
|
CVE-2020-29482
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200920
|
8.8 |
HIGH
Local
|
xen
debian
fedoraproject
|
xen
debian_linux
fedora
|
An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This mean…
|
CWE-269
Improper Privilege Management
|
CVE-2020-29481
|
2024-11-21 14:24 |
2020-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
