Lucene search
K

26 matches found

NVD
NVD
added 6 hours ago4 views

CVE-2026-42486

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
NVD
NVD
added 6 hours ago4 views

CVE-2026-23562

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
NVD
NVD
added 6 hours ago4 views

CVE-2026-23561

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
NVD
NVD
added 6 hours ago4 views

CVE-2026-23559

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
NVD
NVD
added 6 hours ago4 views

CVE-2026-23560

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
CVE
CVE
added 7 hours ago18 views

CVE-2026-42486

Summary: CVE-2026-42486 is documented as a RBAC-related vulnerability in XAPI. Several CVEs describe over-permissive admin roles; specifically, CVE-2026-42486 states that a vm-admin can set VM.platform:hvm_serial, a setting that should be pool-admin restricted, and this can allow arbitrary dom0 f...

9.4CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-42486 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42608

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-23562 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
CVE
CVE
added 7 hours ago18 views

CVE-2026-23562

The CVE-2026-23562 entry concerns RBAC mis-configuration in XAPI. The advisory notes that the PCI passthrough configuration was normally restricted to pool-admin, but one API did not enforce this check, allowing a vm-admin to access unintended host hardware. This is described alongside related RB...

9.4CVSS7.2AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42607

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.2AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-23561 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
CVE
CVE
added 7 hours ago29 views

CVE-2026-23561

CVE-2026-23561 is part of a set of RBAC-related issues in XAPI (XenServer/XCP-ng) where certain administrator roles (vm-admin, etc.) can improperly modify RBAC-protected settings. Specifically, this CVE allows a vm-admin to set VM.other_config:storage_driver_domain and mark a VM as the storage do...

9.4CVSS7.3AI score
Exploits0References1
EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-42604

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score
Exploits0References1
CVE
CVE
added 7 hours ago14 views

CVE-2026-23560

Summary: The CVE-2026-23560 issue is described in multiple sources as a RBAC-related vulnerability in XAPI for XenServer/XCP-ng where a vm-admin can modify VM.other-config:is_system_domain to mark a VM as a system domain. This can cause system domains to be ignored or hidden during certain host/p...

9.4CVSS7.3AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-23560 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
CVE
CVE
added 7 hours ago18 views

CVE-2026-23559

CVE-2026-23559 (and related RBAC issues 23560–23562, 42486) affect XAPI in XenServer/XCP-ng where a vm-admin can abuse RBAC to gain higher privileges, including arbitrary read/modify of dom0 files via VBD.other_config, alter system-domain status, disrupt PBD/storage-domain mappings, and potential...

9.4CVSS7.3AI score
Exploits0References1
Cvelist
Cvelist
added 7 hours ago3 views

CVE-2026-23559 Multiple RBAC issues in XAPI

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS
Exploits0References1
EUVD
EUVD
added 7 hours ago5 views

EUVD-2026-42602

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.3AI score
Exploits0References1
Xen Project
Xen Project
added 2026/04/28 6:5 p.m.12 views

Multiple RBAC issues in XAPI

ISSUE DESCRIPTION XAPI can configure different users with different roles, using Role Based Access Control. For more details, see: https://docs.xenserver.com/en-us/xencenter/current-release/rbac-overview.htmlrbac-roles The pool-admin role is fully privileged. Notably, users with this role can als...

9.4CVSS5.4AI score
Exploits0
Rows per page
Query Builder