xen (SUSE:Manager Proxy 4.2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Proxy 4.2 package xen, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (15)
CVE-2022-42333 — CVSS 8.6 (high): x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2022-42332 — CVSS 7.8 (high): x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted…
CVE-2023-34322 — CVSS 7.8 (high): For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself…
CVE-2023-34325 — CVSS 7.8 (high): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage…
CVE-2023-34326 — CVSS 7.8 (high): The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) is incorrect on some hardware, as…
CVE-2022-40982 — CVSS 6.5 (medium): Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R)…
CVE-2022-42334 — CVSS 6.5 (medium): x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which…
CVE-2023-34328 — CVSS 5.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs…
CVE-2022-42331 — CVSS 5.5 (medium): x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one…
CVE-2023-20588 — CVSS 5.5 (medium): A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.
CVE-2023-20593 — CVSS 5.5 (medium): An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive…
CVE-2023-34323 — CVSS 5.5 (medium): When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be…
CVE-2022-23824 — CVSS 5.5 (medium): IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information…
CVE-2023-34327 — CVSS 5.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs…
CVE-2023-20569 — CVSS 4.7 (medium): A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in…