
13 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-4005

Malicious code in bioql PyPI...

4.3 CVSS, 5.1 AI score, 0.00714 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/05/22 7:58 p.m., 19 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.3 CVSS, 6.8 AI score, 0.00714 EPSS
Exploits 1, References 1
Veeam
added 2025/01/13 12:0 a.m., 35 views

Using Veeam Agents with Xen Orchestra (Vates XCP-NG and XenServer)

Purpose: This article documents how to use Veeam Agent for Microsoft Windows and Veeam Agent for Linux, managed by Veeam Backup & Replication, to protect virtual machines in XenServer and XCP-NG environments that are managed by Xen Orchestra. While these hypervisors are not directly supported for...

6.3 AI score
Exploits 0, Affected Software 3
Github Security Blog
added 2022/05/24 7:7 p.m., 17 views

Xen Orchestra Mishandles Authorization

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.3 CVSS, 6.7 AI score, 0.00714 EPSS
Exploits 1, References 3, Affected Software 2
OSV
added 2022/05/24 7:7 p.m., 15 views

GHSA-GRVM-GCQF-GH8Q Xen Orchestra Mishandles Authorization

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.3 CVSS, 4.5 AI score, 0.00714 EPSS
Exploits 1, References 3
NVD
added 2021/07/12 2:15 p.m., 13 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.3 CVSS, 0.00714 EPSS
Exploits 1, References 1
OSV
added 2021/07/12 2:15 p.m., 3 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.3 CVSS, 5.8 AI score, 0.00714 EPSS
Exploits 1, References 1
ATTACKERKB
added 2021/07/12 2:15 p.m., 4 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.3 CVSS, 5.4 AI score, 0.00714 EPSS
Exploits 1, References 2
Prion
added 2021/07/12 2:15 p.m., 17 views

Authorization

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4 CVSS, 4.5 AI score, 0.00714 EPSS
Exploits 1, References 1, Affected Software 2
CVE
added 2021/07/12 1:18 p.m., 57 views

CVE-2021-36383

CVE-2021-36383 affects Xen Orchestra (xo-web ≤5.80.0, xo-server ≤5.84.0). The root cause is broken authorization handling in WebSocket data access (resourceSet.getAll), allowing an attacker to modify the permission field from none to admin and read datasets such as VMs, Backups, Audit, Users, and...

4.3 CVSS, 4.5 AI score, 0.00714 EPSS
Exploits 1, References 1, Affected Software 2
Cvelist
added 2021/07/12 1:18 p.m., 17 views

CVE-2021-36383

Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...

4.9 AI score, 0.00714 EPSS
Exploits 1, References 1
CNNVD
added 2021/07/12 12:0 a.m., 4 views

Xen security vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen...

4.3 CVSS, 5.2 AI score, 0.00714 EPSS
Exploits 1, References 1
Openbugbounty
added 2016/07/08 8:7 p.m., 11 views

xen-orchestra.com XSS vulnerability

Vulnerable URL: https://xen-orchestra.com/forum/reset?lang=%27-prompt%28%27OPENBUGBOUNTY%27%29-%27
Details:
Patched: Yes, at 27.07.2017
Latest check for patch: 27.07.2017 10:33 GMT
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: 342881
V...

6.3 AI score
Exploits 0