16 matches found

Tenable Nessus
added 2026/06/05 12:0 a.m., 9 views

Xen: Xenstored DoS by unprivileged domain (XSA-481)

Any guest issuing a Xenstore command accessing a node using the illegal node path '/local/domain/', will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

CVSS 7.1, AI score 5.5, EPSS 0.00181
Exploits: 0, References: 2
Tenable Nessus
added 2026/03/30 12:0 a.m., 6 views

Fedora 44 : xen (2026-f884fd0313)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f884fd0313 advisory. update to xen 4.21.1 ---- Use after free of paging structures in EPT XSA-480, CVE-2026-23554 Xenstored DoS by unprivileged domain XSA-481,...

CVSS 7.8, AI score 5.9, EPSS 0.00181
Exploits: 0, References: 3
SUSE Linux
added 2026/03/26 5:52 p.m., 2 views

Security update for xen

This update for xen fixes the following issues: CVE-2026-23554: xen: Use after free of paging structures in EPT bsc1259247, XSA-480 CVE-2026-23555: xen: Xenstored DoS by unprivileged domain bsc1259248, XSA-481 Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVSS 8.2, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 8
EUVD
added 2026/03/25 12:30 p.m., 3 views

EUVD-2026-15401

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

AI score 5.8, EPSS 0.00154
Exploits: 0, References: 11
NVD
added 2026/03/25 11:16 a.m., 5 views

CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

CVSS 8.2, EPSS 0.00154
Exploits: 0, References: 14
Vulnrichment
added 2026/03/23 6:57 a.m., 3 views

CVE-2026-23555 Xenstored DoS by unprivileged domain

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

AI score 5.8, EPSS 0.00181
Exploits: 0, References: 1
CVE
added 2026/03/23 6:57 a.m., 35 views

CVE-2026-23555

CVE-2026-23555 describes a Xen hypervisor vulnerability where an unprivileged guest issuing a Xenstore command to the illegal node path "/local/domain/" can crash xenstored due to a clobbered error indicator. This is a local-attack DoS with no user interaction and high impact to availability. Con...

CVSS 7.1, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2026/03/22 12:0 a.m., 5 views

Fedora 43 : xen (2026-8ae1a1c3d7)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-8ae1a1c3d7 advisory. Use after free of paging structures in EPT XSA-480, CVE-2026-23554 Xenstored DoS by unprivileged domain XSA-481, CVE-2026-23555 Tenable has extracte...

CVSS 7.8, AI score 5.9, EPSS 0.00181
Exploits: 0, References: 3
OSV
added 2026/03/17 4:32 p.m., 4 views

SUSE-SU-2026:0908-1 Security update for xen

This update for xen fixes the following issues: - CVE-2026-23554: xen: Use after free of paging structures in EPT bsc1259247, XSA-480 - CVE-2026-23555: xen: Xenstored DoS by unprivileged domain bsc1259248, XSA-481...

CVSS 7.8, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 5
Xen Project
added 2026/03/17 12:0 p.m., 8 views

Xenstored DoS by unprivileged domain

ISSUE DESCRIPTION Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In ca...

CVSS 7.1, AI score 5.6, EPSS 0.00181
Exploits: 0, Affected Software: 1
CVE
added 2025/09/12 5:16 p.m., 52 views

CVE-2025-4235

The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...

CVSS 7.2, AI score 6.5, EPSS 0.00177
Exploits: 0, References: 1
Tenable Nessus
added 2025/08/18 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-42333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to...

CVSS 8.6, AI score 6.9, EPSS 0.01189
Exploits: 0, References: 2
SUSE CVE
added 2023/03/22 4:10 a.m., 3 views

SUSE CVE-2022-42334

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

CVSS 6.7, AI score 7.1, EPSS 0.00267
Exploits: 0, References: 16
OSV
added 2023/03/21 1:15 p.m., 2 views

UBUNTU-CVE-2022-42333

x86/HVM pinned cache attributes mis-handling This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults...

CVSS 8.6, AI score 5.8, EPSS 0.01189
Exploits: 0, References: 7
Veracode
added 2020/04/10 12:27 a.m., 24 views

Denial Of Service (DoS)

xen is vulnerable to denial of service DoS. The vulnerability exists as it was discovered that the hypervisor's para-virtualized framebuffer PVFB backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain DomU to cause...

CVSS 2.1, AI score 3.4, EPSS 0.00379
Exploits: 0, References: 11, Affected Software: 1
RedHat Linux
added 2009/01/07 10:33 a.m., 27 views

Moderate: Red Hat Security Advisory: xen security and bug fix update

Updated xen packages that resolve several security issues and a bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The xen packages contain the Xen tools and management daemons needed to manage...

CVSS 7.2, AI score 5.8, EPSS 0.01042
Exploits: 1, References: 4