cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-33742,https://securityvulnerability.io/vulnerability/CVE-2022-33742,Data Leak Vulnerability in Linux Disk and NIC Frontends by Xen Project,"This vulnerability affects Xen Project's Linux disk and NIC frontends, which fail to properly zero memory regions before exposing them to the backend. This oversight allows data from unrelated memory areas to remain accessible within the same 4K page shared with a backend, leading to potential unauthorized data exposure. Users of affected versions are advised to review security patches and take necessary measures to mitigate risks associated with this vulnerability.",Linux,"Linux,Xen",7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-05T12:50:39.000Z,0
CVE-2022-33741,https://securityvulnerability.io/vulnerability/CVE-2022-33741,Data Leakage Vulnerability in Linux Disk and NIC Frontends by Xen Project,"The vulnerability arises due to improperly managed memory regions by Linux block and network frontends. In particular, these frontends fail to zero out specific memory regions prior to sharing them with the backend, which may allow unauthorized data exposure. Furthermore, the limitations in the granularity of the grant table restrict sharing to a minimum of a 4K page, meaning that unrelated data could coexist within the same page. This could potentially lead to backend systems accessing sensitive or unrelated data, increasing the attack surface significantly.",Linux,"Linux,Xen",7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-05T12:50:33.000Z,0
CVE-2022-33740,https://securityvulnerability.io/vulnerability/CVE-2022-33740,Data Leakage in Linux Disk and Network Frontends by Xen Project,"The vulnerability affects the Linux Block and Network PV device frontends in the Xen Project, where memory regions are not properly zeroed before they are shared with backend services. This oversight allows unrelated data to persist within the same 4K page, potentially enabling attackers to access sensitive information through these memory leaks. The lack of granularity in the grant table exacerbates the issue, making it a critical concern for systems relying on Xen virtualization for handling disk and network operations.",Linux,"Linux,Xen",7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-05T12:50:30.000Z,0
CVE-2022-26365,https://securityvulnerability.io/vulnerability/CVE-2022-26365,Data Leak Vulnerability in Linux Block and Network PV Device Frontends,"The Linux Block and Network PV device frontends are exposed to a data leak vulnerability that allows memory regions to be shared without being properly zeroed. This lack of memory sanitation can lead to unrelated data existing in the same memory page, potentially making sensitive information accessible through backend requests. The vulnerability arises due to granularity restrictions within the grant table, which necessitates the sharing of data in 4K page increments, further compounding the risk of unintended data exposure.",Linux,"Linux,Xen",7.1,HIGH,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-07-05T12:50:28.000Z,0