Lucene search
K

169 matches found

NVD
NVD
added yesterday4 views

CVE-2026-23561

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-23562

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-23559

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
CVE
CVE
added yesterday18 views

CVE-2026-42486

Summary: CVE-2026-42486 is documented as a RBAC-related vulnerability in XAPI. Several CVEs describe over-permissive admin roles; specifically, CVE-2026-42486 states that a vm-admin can set VM.platform:hvm_serial, a setting that should be pool-admin restricted, and this can allow arbitrary dom0 f...

9.4CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-42486 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-23562 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
CVE
CVE
added yesterday18 views

CVE-2026-23562

The CVE-2026-23562 entry concerns RBAC mis-configuration in XAPI. The advisory notes that the PCI passthrough configuration was normally restricted to pool-admin, but one API did not enforce this check, allowing a vm-admin to access unintended host hardware. This is described alongside related RB...

9.4CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-23561 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42604

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-23560

Summary: The CVE-2026-23560 issue is described in multiple sources as a RBAC-related vulnerability in XAPI for XenServer/XCP-ng where a vm-admin can modify VM.other-config:is_system_domain to mark a VM as a system domain. This can cause system domains to be ignored or hidden during certain host/p...

9.4CVSS7.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-23560 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42603

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score
Exploits0References1
CVE
CVE
added yesterday18 views

CVE-2026-23559

CVE-2026-23559 (and related RBAC issues 23560–23562, 42486) affect XAPI in XenServer/XCP-ng where a vm-admin can abuse RBAC to gain higher privileges, including arbitrary read/modify of dom0 files via VBD.other_config, alter system-domain status, disrupt PBD/storage-domain mappings, and potential...

9.4CVSS7.3AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42602

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday4 views

CVE-2026-23559 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
Xen Project
Xen Project
added 2026/04/28 6:5 p.m.12 views

Multiple RBAC issues in XAPI

ISSUE DESCRIPTION XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-release/rbac-overview.htmlrbac-roles The pool-admin role is fully privileged. Notably, users with this role can als...

9.4CVSS5.4AI score
Exploits0
Mageia
Mageia
added 2025/11/09 7:52 a.m.64 views

Updated xen packages fix security vulnerabilities

Double unlock in x86 guest IRQ handling. CVE-2024-31143 Xapi: Metadata injection attack against backup/restore functionality. CVE-2024-31144 Error handling in x86 IOMMU identity mapping. CVE-2024-31145 PCI device pass-through with shared resources. CVE-2024-31146 x86: Deadlock in vlapicerror...

9.8CVSS6.7AI score0.00723EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0196

Malware in sbrugna...

4.7CVSS8.5AI score0.00411EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-18274

Malware in sbrugna...

7.8CVSS6.2AI score0.00373EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5518

Malware in sbrugna...

6.1CVSS8.5AI score0.00716EPSS
Exploits0References11
Rows per page
Query Builder