48 matches found
Xen: Xenstored DoS by unprivileged domain (XSA-481)
Any guest issuing a Xenstore command accessing a node using the illegal node path '/local/domain/', will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
PT-2026-35352
A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...
EUVD-2026-14383
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
ALPINE-CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
UBUNTU-CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555 Xenstored DoS by unprivileged domain
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555 Xenstored DoS by unprivileged domain
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
CVE-2026-23555
CVE-2026-23555 describes a Xen hypervisor vulnerability where an unprivileged guest issuing a Xenstore command to the illegal node path "/local/domain/" can crash xenstored due to a clobbered error indicator. This is a local-attack DoS with no user interaction and high impact to availability. Con...
CVE-2026-23555
Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...
Xenstored DoS by unprivileged domain
ISSUE DESCRIPTION Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In ca...
CVE-2026-26952
Technical details beyond the initial description are not provided in the connected documents. Publicly available data describes stored HTML injection in Pi-hole Admin Interface up to version 6.4; no additional technical specifics are included here. Monitor for updates.
Pi-hole 安全漏洞
Pi-hole is a web-level ad blocking application developed by Pi-hole Inc. Versions of Pi-hole 6.4 and earlier contained a security vulnerability, which was caused by a storage-type HTML injection vulnerability in the local DNS record configuration page. This vulnerability could allow arbitrary HTM...
CVE-2022-31656
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate...
PT-2026-26015
Name of the Vulnerable Software and Affected Versions Xen affected versions not specified Description A guest issuing a Xenstore command accessing a node using the path '/local/domain/' can cause xenstored to crash due to a corrupted error indicator during node path verification. The crash is...
How to Configure NFSv4 on IBM AIX
Purpose This article documents steps to enable NFSv4 on IBM AIX to enable backup mount support for Veeam Agent for IBM AIX introduced with Veeam Backup & Replication 13. Solution Part 1: Configure the Host Resolution 1. Open the /etc/netsvc.conf file. 2. Ensure that the hosts parameter is set to...
CVE-2025-5941
Netskope is notified about a potential gap in its agent NS Client in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful...
CVE-2025-5941 Out-of-Bounds Read Vulnerability in Netskope Client
Netskope is notified about a potential gap in its agent NS Client in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful...
CVE-2024-52588
Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery SSRF. This issue has been patched in version 4.25.2...