Lucene search
+L

9 matches found

NVD
NVD
added 2026/07/09 4:16 p.m.6 views

CVE-2025-27464

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 2:35 p.m.38 views

CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 2:35 p.m.53 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 2:35 p.m.6 views

EUVD-2025-210445

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 2:29 p.m.42 views

CVE-2025-27463

The CVE-2025-27463 entry corresponds to the Windows PV drivers exposed by XenServer/Citrix Hypervisor. These PV devices (XenCons, XenIface, XenBus) reportedly expose facilities to userspace with no security descriptors, making them fully accessible to unprivileged users. The connected sources ide...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 2:27 p.m.3413 views

CVE-2025-27462

CVE-2025-27462 refers to the Windows PV drivers in XenServer/Citrix Hypervisor where several PV interfaces (XenCon s, XenIface, XenBus) expose no security descriptors, making them accessible to unprivileged users. The CVE is tied to the Windows PV drivers for XenServer 8.x; Linux guests are unaff...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
Xen Project
Xen Project
added 2025/05/27 12:0 p.m.36 views

WinPVDrivers: Excessive permissions on user-exposed devices

ISSUE DESCRIPTION The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464 IMPACT Unprivileged...

9.4CVSS7.4AI score0.00158EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/09/01 12:0 a.m.46 views

OracleVM 3.2 : xen (OVMSA-2017-0149)

The remote OracleVM system is missing necessary patches to address critical security updates : - From e26560a4b056dad6d85ffd9ebfad9565f210a9cc Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Wed, 30 May 2012 09:22:17 +0100 Subject: PATCH gnttab: don't use domain lock for serialization Instead us...

8.8CVSS6.9AI score0.00452EPSS
Exploits0References4
Xen Project
Xen Project
added 2017/06/20 12:0 p.m.73 views

blkif responses leak backend stack data

ISSUE DESCRIPTION The block interface response structure has some discontiguous fields. Certain backends populate the structure fields of an otherwise uninitialized instance of this structure on their stacks, leaking data through the internal or trailing padding field. IMPACT A malicious...

6.5CVSS1.4AI score0.00445EPSS
Exploits0
Rows per page
Query Builder