Lucene search
+L

945 matches found

osv
osv
added 5 days ago4 views

MINI-M8CW-8R22-PVG9

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
nvd
nvd
added 2026/07/09 4:16 p.m.6 views

CVE-2025-27464

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 2:35 p.m.6 views

EUVD-2025-210445

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/09 2:35 p.m.38 views

CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
cve
cve
added 2026/07/09 2:35 p.m.53 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
cve
cve
added 2026/07/09 2:29 p.m.42 views

CVE-2025-27463

The CVE-2025-27463 entry corresponds to the Windows PV drivers exposed by XenServer/Citrix Hypervisor. These PV devices (XenCons, XenIface, XenBus) reportedly expose facilities to userspace with no security descriptors, making them fully accessible to unprivileged users. The connected sources ide...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
cve
cve
added 2026/07/09 2:27 p.m.3413 views

CVE-2025-27462

CVE-2025-27462 refers to the Windows PV drivers in XenServer/Citrix Hypervisor where several PV interfaces (XenCon s, XenIface, XenBus) expose no security descriptors, making them accessible to unprivileged users. The CVE is tied to the Windows PV drivers for XenServer 8.x; Linux guests are unaff...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
cgr
cgr
added 2026/07/01 2:16 p.m.1 views

GHSA-QCCW-WMVP-8PV9 vulnerabilities

Vulnerabilities for packages: chromium...

5.8AI score
Exploits0
astralinux
astralinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel versions 3.11 through 5.10.16, as used by Xen. When serving requests to the PV backend, the driver maps grant references provided by the frontend. During this process, errors may occur. In one case, an error encountered earlier might be discarded by late...

7.8CVSS6.7AI score0.00348EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel versions 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur during batch hypercalls, where multiple operations are performed in a single hypercall. The success or failure of each operation is reported to the backend driver, and the...

5.5CVSS6.7AI score0.00346EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel through version 5.10.1, as used with Xen up to version 4.14.x. The Linux kernel’s PV block backend expects the kernel thread handler to reset ring-xenblkd to NULL when the thread is stopped. However, the handler may not have enough time to execute if the...

8.8CVSS6.6AI score0.00388EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/19 11:10 a.m.15 views

Astra Linux – Vulnerability in Linux

A issue was discovered in the Linux kernel versions 2.6.39 through 5.10.16, as used in Xen. The block, net, and SCSI backends consider certain errors as ordinary bugs, which are deliberately designed to cause kernel crashes. For errors that may be influenced by guests such as memory exhaustion...

5.5CVSS6.6AI score0.00544EPSS
Exploits0References1
osv
osv
added 2026/06/05 10:43 a.m.8 views

MINI-W46X-6PV2-5WR8

Bulletin has no description...

9.6CVSS5.1AI score0.00478EPSS
Exploits0
osv
osv
added 2026/06/05 3:55 a.m.7 views

MINI-CGQQ-47MW-5PV2

Bulletin has no description...

7.3CVSS5.2AI score0.00128EPSS
Exploits0
osv
osv
added 2026/06/03 1:16 a.m.10 views

UBUNTU-CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.4AI score0.00361EPSS
Exploits0References2
debiancve
debiancve
added 2026/06/03 12:15 a.m.11 views

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00361EPSS
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: acpi: Fixed suspend with Xen PV The commit f1e525009493 "x86/boot: Skipping realmode init code when running as Xen PV guest" missed one code path that accessed the realmodeheader, leading to a NULL dereference when suspending the...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

7CVSS6.6AI score0.00359EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...

7CVSS6.6AI score0.00359EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights in a way that is subject to race conditions. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The blkfront,...

7CVSS6.6AI score0.00359EPSS
Exploits0References2
Rows per page
Query Builder