36 matches found
CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEM_add_to_physmap. Some of the status pages may then be freed while...
UBUNTU-CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEM_add_to_physmap. Some of the status pages may then be freed while...
CVE-2026-23558 grant table v2 race in status page mapping
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEM_add_to_physmap. Some of the status pages may then be freed while...
xen-4.21.1_04-1.1 on GA media (moderate)
xen-4.21.1_04-1.1 on GA media Announcement ID: openSUSE-SU-2026:10660-1 Rating: moderate Cross-References: CVE-2026-23557 CVE-2026-23558 CVSS scores: CVE-2026-23557 SUSE : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2026-23558 SUSE : 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H...
Linux Distros Unpatched Vulnerability : CVE-2026-23558
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version...
SUSE CVE-2026-23558
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEM_add_to_physmap. Some of the status pages may then be freed while...
CVE-2026-23558
creationtimestamp | type | source
---|---|---
2026-04-28 12:54:09+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mkkmx3sy7i2s
2026-04-29 01:49:24+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-citrix-xenserver
2026-04-29 12:45:35+00:00 | seen | ...
CVE-2022-23558
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a size_t. An attacker can control model inputs such that computed_size overflows the...
CVE-2025-23558
Cross-Site Request Forgery (CSRF) vulnerability in digitalfisherman Geotagged Media geotagged-media allows Stored XSS. This issue affects Geotagged Media: from n/a through <= 0.3.0...
CVE-2025-23558
creationtimestamp | type | source
---|---|---
2025-01-16 20:17:54+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3yn2wd42f
2025-01-16 22:23:14+00:00 | seen | https://infosec.exchange/users/cve/statuses/113840370056197136...
CVE-2025-23558
Cross-Site Request Forgery (CSRF) vulnerability in digitalfisherman Geotagged Media geotagged-media allows Stored XSS. This issue affects Geotagged Media: from n/a through <= 0.3.0...
CVE-2025-23558 WordPress Geotagged Media plugin <= 0.3.0 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in digitalfisherman Geotagged Media geotagged-media allows Stored XSS. This issue affects Geotagged Media: from n/a through <= 0.3.0...
CVE-2024-23558
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2024-23558
The CVE-2024-23558 entry concerns HCL DevOps Deploy / HCL Launch where logout does not invalidate the user session, enabling an authenticated user to impersonate another user on the system. Connected documents confirm the issue origin as a session invalidation failure after logout, with CVSS deta...
CVE-2024-23558 HCL DevOps Deploy / HCL Launch does not invalidate all session authentication cookies after logout
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system...
CVE-2023-23558
In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in tha...
CVE-2023-23558
CVE-2023-23558 : In Eternal Terminal 6.2.1, TelemetryService uses fixed paths under /tmp. An attacker with local access can pre-create /tmp/.sentry-native-etserver (mode 0777) before etserver starts, enabling reading or modification of that file. This leads to potential information disclosure and...
CVE-2020-23558
CVE-2020-23558 affects IrfanView 4.54. The vulnerability is a user-mode write access violation triggered in FORMATS!ShowPlugInSaveOptions_W+0x7f4b. The available data indicate a local attack vector with no user interaction, and CVSS 3.1 base metrics assign a HIGH impact on confidentiality, integr...
aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23558 via tensorflow (>=2.7.0 <=2.7.0rc1)
tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23558 Source advisory: OSV:GHSA-9GWQ-6CWJ-47H3...