87 matches found
CVE-2026-42486
Summary: CVE-2026-42486 is documented as a RBAC-related vulnerability in XAPI. Several CVEs describe over-permissive admin roles; specifically, CVE-2026-42486 states that a vm-admin can set VM.platform:hvm_serial, a setting that should be pool-admin restricted, and this can allow arbitrary dom0 f...
CVE-2026-23560
Summary: The CVE-2026-23560 issue is described in multiple sources as a RBAC-related vulnerability in XAPI for XenServer/XCP-ng where a vm-admin can modify VM.other-config:is_system_domain to mark a VM as a system domain. This can cause system domains to be ignored or hidden during certain host/p...
EUVD-2025-210447
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...
PT-2026-35874
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the Xen privcmd driver. The privcmd vm ops defines a .close function privcmd close but lacks .may split and .open callbacks. When a partial munmap is...
EUVD-2020-24414
Malware in sbrugna...
EUVD-2020-18698
Malware in sbrugna...
EUVD-2020-21855
Malware in sbrugna...
EUVD-2017-14674
Malware in sbrugna...
EUVD-2017-14673
Malware in sbrugna...
EUVD-2024-0562
Malicious code in bioql PyPI...
EUVD-2021-6999
Malicious code in bioql PyPI...
EUVD-2024-29054
Malicious code in bioql PyPI...
CVE-2024-26140
com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
UBUNTU-CVE-2024-31144
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144 Xapi: Metadata injection attack against backup/restore functionality
For a brief summary of Xapi terminology, see: https://xapi-project.github.io/xen-api/overview.htmlobject-model-overview Xapi contains functionality to backup and restore metadata about Virtual Machines and Storage Repositories SRs. The metadata itself is stored in a Virtual Disk Image VDI inside ...
CVE-2024-31144
CVE-2024-31144 affects Xen/Xapi backup/restore of VM/SR metadata via a VDI metadata store. The vulnerability arises because the host searches VDI images to locate the metadata VDI and restore metadata; a malicious guest can manipulate its disk to appear as a metadata backup, potentially causing m...