Lucene search
K

87 matches found

CVE
CVE
added 5 days ago23 views

CVE-2026-42486

Summary: CVE-2026-42486 is documented as a RBAC-related vulnerability in XAPI. Several CVEs describe over-permissive admin roles; specifically, CVE-2026-42486 states that a vm-admin can set VM.platform:hvm_serial, a setting that should be pool-admin restricted, and this can allow arbitrary dom0 f...

9.4CVSS7.2AI score0.0014EPSS
Exploits0References1
CVE
CVE
added 5 days ago27 views

CVE-2026-23560

Summary: The CVE-2026-23560 issue is described in multiple sources as a RBAC-related vulnerability in XAPI for XenServer/XCP-ng where a vm-admin can modify VM.other-config:is_system_domain to mark a VM as a system domain. This can cause system domains to be ignored or hidden during certain host/p...

9.4CVSS7.3AI score0.0014EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2025-210447

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.25 views

PT-2026-35874

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the Xen privcmd driver. The privcmd vm ops defines a .close function privcmd close but lacks .may split and .open callbacks. When a partial munmap is...

7.8CVSS5.2AI score0.00183EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-24414

Malware in sbrugna...

9CVSS7.8AI score0.08453EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-18698

Malware in sbrugna...

6.5CVSS6.5AI score0.00722EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-21855

Malware in sbrugna...

7.8CVSS7.4AI score0.01428EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14674

Malware in sbrugna...

4.9CVSS5.4AI score0.01104EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-14673

Malware in sbrugna...

6.5CVSS6.7AI score0.01104EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0562

Malicious code in bioql PyPI...

6.1CVSS5AI score0.00447EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-6999

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.01432EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-29054

Malicious code in bioql PyPI...

3.8CVSS7.7AI score0.00209EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:23 a.m.6 views

CVE-2024-26140

com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...

6.1CVSS6.6AI score0.00447EPSS
Exploits0References1
NVD
NVD
added 2025/02/14 9:15 p.m.9 views

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS0.00209EPSS
Exploits0References3
OSV
OSV
added 2025/02/14 9:15 p.m.10 views

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS7AI score0.00209EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/02/14 9:15 p.m.19 views

CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS7AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2025/02/14 9:15 p.m.4 views

UBUNTU-CVE-2024-31144

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

3.8CVSS5.8AI score0.00209EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/14 8:16 p.m.11 views

CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality

For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...

0.00209EPSS
Exploits0References1
CVE
CVE
added 2025/02/14 8:16 p.m.120 views

CVE-2024-31144

CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...

3.8CVSS6AI score0.00209EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder