Lucene search
+L

102 matches found

nvd
nvd
added 2026/06/18 2:17 p.m.14 views

CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS0.002EPSS
Exploits0References1
osv
osv
added 2026/06/18 2:17 p.m.3 views

ALPINE-CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS5.8AI score0.002EPSS
Exploits0References1
osv
osv
added 2026/06/18 2:17 p.m.4 views

ALPINE-CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

5.3CVSS5.8AI score0.00078EPSS
Exploits0References1
euvd
euvd
added 2026/06/18 1:47 p.m.11 views

EUVD-2026-37890

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS5.3AI score0.002EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/18 1:47 p.m.8 views

CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS5.2AI score0.002EPSS
Exploits0References2
cve
cve
added 2026/06/18 1:47 p.m.25 views

CVE-2026-42489

CVE-2026-42489 / 42490 (Xen) : The Xen domctl mechanism used to create/manage guests relies on a system-wide lock whose acquisition lacks fairness. In environments using XSM/Flask, some operations may acquire this lock before permission checks, creating a potential abuse window. Documents do not ...

5.3CVSS5.2AI score0.00078EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/18 1:47 p.m.27 views

CVE-2026-42489 domctl lock open to abuse

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

0.00078EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/18 1:47 p.m.30 views

CVE-2026-42490 domctl lock open to abuse

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

0.002EPSS
Exploits0References1
xen
xen
added 2026/06/09 12:0 p.m.17 views

domctl lock open to abuse

ISSUE DESCRIPTION To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock is used. The way that lock is acquired is,...

6.5CVSS5.5AI score0.002EPSS
Exploits0Affected Software1
malwarebytes
malwarebytes
added 2026/02/24 3:22 p.m.8 views

Roblox gives predators “powerful tools” to target children, says LA County

Los Angeles County has sued online gaming company Roblox, adding to a series of suits that accuse the virtual worlds platform of misleading parents into thinking it's safe while leaving children exposed to predators and sexually explicit content. The February 19 filing makes LA County the first...

5.4AI score
Exploits0
osv
osv
added 2025/11/12 4:47 p.m.5 views

MAL-2025-166166 Malicious code in suharta-poke38 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0b6cb9277a092cc6b05e251fa105772a11be7e37711484a2fffdf2f44277c329 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
euvd
euvd
added 2025/11/11 8:11 p.m.2 views

EUVD-2025-94444

Malicious code in unfaircardinalz3n npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 7:31 a.m.3 views

Malicious code in unfair_koala_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e783b2320680db046a170b33210142fc91e99108ba4b7bd941420482db54093 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
euvd
euvd
added 2025/11/11 5:18 a.m.0 views

EUVD-2025-73161

Malicious code in unfairmosquitoz3n npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 5:18 a.m.4 views

EUVD-2025-73163

Malicious code in unfairfinchz3n npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 5:18 a.m.0 views

EUVD-2025-73162

Malicious code in unfairllamaz3n npm...

6.6AI score
Exploits0
osv
osv
added 2025/11/11 5:18 a.m.2 views

MAL-2025-97128 Malicious code in unfair_llama_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e959af7f8d16a9fe66a3cb6de459b5323c822430d5e9f8c192793de9c0c60d7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
euvd
euvd
added 2025/11/11 4:25 a.m.1 views

EUVD-2025-65732

Malicious code in unfairalpacaz3n npm...

6.6AI score
Exploits0
euvd
euvd
added 2025/11/11 4:25 a.m.1 views

EUVD-2025-65731

Malicious code in unfairturkeyz3n npm...

6.6AI score
Exploits0
ossf
ossf
added 2025/11/11 12:41 a.m.4 views

Malicious code in unfair-salmon-fish (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e34b794d12c6beefa8a27caf7d73a74665ff4b2c5219f3a376e6b7c252a385f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Rows per page
Query Builder