13 matches found
EUVD-2022-4005
Malicious code in bioql PyPI...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
Using Veeam Agents with Xen Orchestra (Vates XCP-NG and XenServer)
Purpose: This article documents how to use Veeam Agent for Microsoft Windows and Veeam Agent for Linux, managed by Veeam Backup & Replication, to protect virtual machines in XenServer and XCP-NG environments that are managed by Xen Orchestra. While these hypervisors are not directly supported for...
Xen Orchestra Mishandles Authorization
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
GHSA-GRVM-GCQF-GH8Q Xen Orchestra Mishandles Authorization
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
Authorization
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
CVE-2021-36383
CVE-2021-36383 affects Xen Orchestra (xo-web ≤5.80.0, xo-server ≤5.84.0). The root cause is broken authorization handling in WebSocket data access (resourceSet.getAll), allowing an attacker to modify the permission field from none to admin and read datasets such as VMs, Backups, Audit, Users, and...
CVE-2021-36383
Xen Orchestra with xo-web through 5.80.0 and xo-server through 5.84.0 mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data in which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit,...
Xen Security Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen...
xen-orchestra.com XSS vulnerability
Vulnerable URL: https://xen-orchestra.com/forum/reset?lang=%27-prompt%28%27OPENBUGBOUNTY%27%29-%27 Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 10:33 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 342881 V...