oxenstored keeps quota related use counts across domain destruction
ISSUE DESCRIPTION When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before being deemed to be over quota. IMPACT Over an extended period of time, new domains will b...
PT-2026-22521
🚨 Chrome Zero-Day CVE-2026-19875: Remote code execution exploit in latest versions. 1M+ vulnerable systems. Patch ASAP. https://t.co/QQ5d87zep9...
EUVD-2018-12499
Malware in sbrugna...
Linux Distros Unpatched Vulnerability: CVE-2017-0306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the...
x86: Incorrect stubs exception handling for flags recovery
ISSUE DESCRIPTION Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional...
WinPVDrivers: Excessive permissions on user-exposed devices
ISSUE DESCRIPTION The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. These are: 1. XenCons, CVE-2025-27462 2. XenIface, CVE-2025-27463 3. XenBus, CVE-2025-27464 IMPACT Unprivileged...
CVE-2022-33862
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems...
CodeCanyon RISE CRM 3.7.0 - SQL Injection
Exploit Title: CodeCanyon RISE CRM 3.7.0 - SQL Injection Google Dork: N/A Date: September 19, 2024 Exploit Author: Jobyer Ahmed Author Homepage: https://bytium.com Vulnerable Version: 3.7 Patched Version: 3.7.1 Tested on: Ubuntu 24.04, Debian Testing CVE: CVE-2024-8945 Instruction 1. Login to...
CVE-2022-33862 Improper access control mechanism in IPP
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems...
CVE-2022-33862
CVE-2022-33862 affects Eaton IPP software prior to v1.71, with a default credentials vulnerability. Root cause: insecure/default credentials allowing a local attacker (Privilege: HIGH) with no user interaction to access confidential data and take control. Impact: potential compromise of authentic...
Eaton IPP security vulnerability
Eaton IPP is a power management software from Eaton Corporation USA. A security vulnerability exists in Eaton IPP versions prior to v1.71 that stems from the presence of a default credentials issue that could lead an attacker to identify and access vulnerable systems...
Akira ransomware continues to evolve
Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos' findings and analysis. Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version o...
IPMI 2.0 Cipher Zero Authentication Bypass Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPMI 2.0 Cipher Zero Authentication Bypass Scanner', 'Description' => %q| This module identifies IPMI 2.0-compatible systems that are vulnerable t...
error handling in x86 IOMMU identity mapping
ISSUE DESCRIPTION Certain PCI devices in a system might be assigned Reserved Memory Regions specified via Reserved Memory Region Reporting, "RMRR" for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose...
Xapi: Metadata injection attack against backup/restore functionality
ISSUE DESCRIPTION For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.html#object-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories (SRs). The metadata itself is stored in a Virtual Disk...
Microsoft Windows Multiple Vulnerabilities (KB5039211)
This host is missing an important security update according to Microsoft KB5039211 SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
x86: Incorrect logic for BTC/SRSO mitigations
ISSUE DESCRIPTION Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see:...
GhostRace: Speculative Race Conditions
ISSUE DESCRIPTION Researchers at VU Amsterdam and IBM Research have discovered GhostRace, an analysis of the behaviour of synchronisation primitives under speculative execution. Synchronisation primitives are typically formed as an unbounded loop which waits until a resource is available to be...
x86: shadow stack vs exceptions from emulation stubs
ISSUE DESCRIPTION Recent x86 CPUs offer functionality named Control-flow Enforcement Technology (CET). A sub-feature of this are Shadow Stacks (CET-SS). CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and...
VT-d: Failure to quarantine devices in !HVM builds
ISSUE DESCRIPTION Incorrect placement of a preprocessor directive in source code results in logic that doesn't operate as intended when support for HVM guests is compiled out of Xen. IMPACT When a device is removed from a domain, it is not properly quarantined and retains its access to the domain...