945 matches found
MINI-M8CW-8R22-PVG9
Bulletin has no description...
CVE-2025-27464
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
EUVD-2025-210445
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
CVE-2025-27464
CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...
CVE-2025-27463
The CVE-2025-27463 entry corresponds to the Windows PV drivers exposed by XenServer/Citrix Hypervisor. These PV devices (XenCons, XenIface, XenBus) reportedly expose facilities to userspace with no security descriptors, making them fully accessible to unprivileged users. The connected sources ide...
CVE-2025-27462
CVE-2025-27462 refers to the Windows PV drivers in XenServer/Citrix Hypervisor where several PV interfaces (XenCon s, XenIface, XenBus) expose no security descriptors, making them accessible to unprivileged users. The CVE is tied to the Windows PV drivers for XenServer 8.x; Linux guests are unaff...
GHSA-QCCW-WMVP-8PV9 vulnerabilities
Vulnerabilities for packages: chromium...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 3.11 through 5.10.16, as used by Xen. When serving requests to the PV backend, the driver maps grant references provided by the frontend. During this process, errors may occur. In one case, an error encountered earlier might be discarded by late...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur during batch hypercalls, where multiple operations are performed in a single hypercall. The success or failure of each operation is reported to the backend driver, and the...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.10.1, as used with Xen up to version 4.14.x. The Linux kernel’s PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when the thread is stopped. However, the handler may not have enough time to execute if the...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...
MINI-W46X-6PV2-5WR8
Bulletin has no description...
MINI-CGQQ-47MW-5PV2
Bulletin has no description...
UBUNTU-CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...
CVE-2026-9516
Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: acpi: Fixed suspend with Xen PV The commit f1e525009493 "x86/boot: Skipping realmode init code when running as Xen PV guest" missed one code path that accessed the realmodeheader, leading to a NULL dereference when suspending the...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...
Astra Linux – Vulnerability in Linux 5.10, Linux
Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...