CVE-2022-26356

Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XENDMOPtrackdirtyvram was named HVMOPtrackdirtyvram before Xen 4.9 is racy with ongoing log dirty hypercalls. A suitably timed call to XENDMOPtrackdirtyvram can enable log dirty whil...

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVE-2025-26356

A CWE-35 "Path Traversal" in maxtime/api/database/database.lua setActive endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests...

CVE-2025-26356

CVE-2025-26356 affects Q-Free MaxTime

CVE-2021-26356

creationtimestamp| type| source ---|---|--- 2023-05-09 22:39:01+00:00| seen| https://t.me/cibsecurity/63664...

CVE-2021-26356

A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure...

CVE-2021-26356

CVE-2021-26356 describes a TOCTOU vulnerability in the ASP bootloader that can allow tampering with the SPI ROM after memory reads, potentially causing S3 data corruption and information disclosure in AMD Secure Processor/ASP boot scenarios. Affected components include the ASP bootloader within A...

CVE-2023-26356 ZDI-CAN-19506: Adobe Dimension USD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Dimension versions 3.4.7 and earlier is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim...

CVE-2023-26356

Adobe Dimension is affected by CVE-2023-26356 (and related CVEs in APSB23-20) through an out-of-bounds read in USD file parsing, enabling information disclosure and memory exposure. The issue requires user interaction (victim opens a malicious USD file) and could bypass mitigations like ASLR. Aff...

Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)

The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...

SUSE: Security Advisory (SUSE-SU-2022:2158-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for xen (SUSE-SU-2022:1506-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OracleVM 3.4 : xen (OVMSA-2022-0012)

The remote OracleVM system is missing necessary patches to address security updates: - Racy interactions between dirty vram tracking and paging log dirty hypercalls Activation of log dirty mode done by XENDMOPtrackdirtyvram was named HVMOPtrackdirtyvram before Xen 4.9 is racy with ongoing log dir...

SUSE SLED15: xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc (SUSE-SU-2022:1506-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1506-1 advisory. - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a...

SUSE: Security Advisory (SUSE-SU-2022:1505-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for xen (FEDORA-2022-64b2c02d29)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SUSE: Security Advisory (SUSE-SU-2022:1506-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12: xen / xen-doc-html / xen-libs / xen-libs-32bit / xen-tools / etc (SUSE-SU-2022:1408-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1408-1 advisory. - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host...