Lucene search
K

8 matches found

NVD
NVD
added 2 days ago5 views

CVE-2025-27464

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago5 views

EUVD-2025-210445

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2 days ago51 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2 days ago41 views

CVE-2025-27463

The CVE-2025-27463 entry corresponds to the Windows PV drivers exposed by XenServer/Citrix Hypervisor. These PV devices (XenCons, XenIface, XenBus) reportedly expose facilities to userspace with no security descriptors, making them fully accessible to unprivileged users. The connected sources ide...

9.4CVSS7.4AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 2 days ago3410 views

CVE-2025-27462

CVE-2025-27462 refers to the Windows PV drivers in XenServer/Citrix Hypervisor where several PV interfaces (XenCon s, XenIface, XenBus) expose no security descriptors, making them accessible to unprivileged users. The CVE is tied to the Windows PV drivers for XenServer 8.x; Linux guests are unaff...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
Xen Project
Xen Project
added 2025/05/27 12:0 p.m.35 views

WinPVDrivers: Excessive permissions on user-exposed devices

ISSUE DESCRIPTION The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464 IMPACT Unprivileged...

9.4CVSS7.4AI score0.00158EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/09/01 12:0 a.m.45 views

OracleVM 3.2 : xen (OVMSA-2017-0149)

The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: PATCH gnttab: don't use domain lock for serialization Instead us...

8.8CVSS6.9AI score0.00452EPSS
Exploits0References4
Rows per page
Query Builder