Lucene search
K

12783 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-42486

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-42486 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
CVE
CVE
added 4 days ago21 views

CVE-2026-23562

The CVE-2026-23562 entry concerns RBAC mis-configuration in XAPI. The advisory notes that the PCI passthrough configuration was normally restricted to pool-admin, but one API did not enforce this check, allowing a vm-admin to access unintended host hardware. This is described alongside related RB...

9.4CVSS7.2AI score0.0014EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-23562 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
CVE
CVE
added 4 days ago30 views

CVE-2026-23561

CVE-2026-23561 is part of a set of RBAC-related issues in XAPI (XenServer/XCP-ng) where certain administrator roles (vm-admin, etc.) can improperly modify RBAC-protected settings. Specifically, this CVE allows a vm-admin to set VM.other_config:storage_driver_domain and mark a VM as the storage do...

9.4CVSS7.3AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 4 days ago52 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 5:42 a.m.2 views

SUSE-SU-2026:2668-1 Security update for xen

This update for xen fixes the following issues: - CVE-2026-42487: xen: x86 HVM I/O port list traversal XSA-491 bsc1266952. - CVE-2026-42488: xen: x86: mismatched mapcache metadata XSA-494 bsc1266955. - CVE-2026-42489,CVE-2026-42490: xen: domctl lock open to abuse XSA-492 bsc1266953...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

AlmaLinux 10 : kernel (ALSA-2026:27288)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27288 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...

9.8CVSS6.8AI score0.004EPSS
Exploits11References17
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2026:2613-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2613-1 advisory. This update for xen fixes the following issues - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-42487:...

8.1CVSS5.9AI score0.00353EPSS
Exploits0References15
OSV
OSV
added 2026/06/25 12:3 p.m.3 views

RLSA-2026:27789 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: xen/privcmd: fix double free vi...

7.8CVSS6.8AI score0.004EPSS
Exploits11References18
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

RockyLinux 9 : kernel (RLSA-2026:27789)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27789 advisory. kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished...

9.8CVSS7.1AI score0.004EPSS
Exploits11References35
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Qemu

An “off-by-one” error was detected in QEMU’s KVM Xen guest support. A malicious guest could exploit this flaw to trigger out-of-bounds heap accesses in the QEMU process through the emulated Xen physdev hypercall interface, resulting in a denial of service or potential memory corruption...

6.5CVSS7.1AI score0.00143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: scsi: xen: scsiback: Fixed a potential memory leak in scsibackremove. The memory allocated for the struct vscsiblkinfo structure in scsibackprobe is not freed in scsibackRemove, resulting in potential memory leaks during the...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: 9p/xen: Protect xen9pfsfrontfree against concurrent calls The xenwatch thread can race with other backend change notifications and call xen9pfsfrontfree twice, causing the observed general protection fault due to a double-free...

8.8CVSS5.7AI score0.00241EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: xen-netback: Rejects configurations with a zero queue count from guests. A malicious or faulty Xen guest can set the value of the xenbus key “multi-queue-num-queues” to “0”. The connect function in the backend only validates the...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 9:1 a.m.3 views

SUSE-SU-2026:2613-1 Security update for xen

This update for xen fixes the following issues - CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption bsc1264066. - CVE-2026-42487: x86 HVM I/O port list traversal bsc1266952. - CVE-2026-42488: x86: mismatched mapcache metadata bsc1266955. - CVE-2026-42489,CVE-2026-42490: domctl lock open to abus...

8.1CVSS5.8AI score0.00353EPSS
Exploits0References10
OSV
OSV
added 2026/06/22 12:4 p.m.7 views

RLSA-2026:27288 Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf use-after-free in isotpsendmsg CVE-2026-31474 kernel: mptcp: fix slab-use-after-free in inetlookupestablished CVE-2026-31669 kernel: rxrpc: Fix RxGK token loading t...

7.8CVSS6.5AI score0.004EPSS
Exploits11References16
Rockylinux
Rockylinux
added 2026/06/22 12:4 p.m.8 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.8CVSS6.5AI score0.004EPSS
Exploits11
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.21 views

kernel: xen/privcmd: fix double free via VMA splitting

A flaw was found in the Linux kernel's xen/privcmd module. A local user could exploit this by performing a partial unmapping of a privcmd memory region. This action causes a Virtual Memory Area VMA to split, leading to duplicated internal memory pointers. As a result, the same memory can be freed...

7.8CVSS5.7AI score0.00183EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.13 views

RHEL 10 : kernel (RHSA-2026:27288)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27288 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: can: isotp: fix tx.buf...

9.8CVSS7AI score0.004EPSS
Exploits11References32
Rows per page
Query Builder