35 matches found
Xenstore: Cooperating guests can create arbitrary numbers of nodes
ISSUE DESCRIPTION Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's...
CVE-2022-42323
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2022-42323
CVE-2022-42323 concerns Xenstore in the Xen hypervisor. The issue arises after the XSA-322 fix: any Xenstore node owned by a removed domain is reassigned to Dom0, enabling two cooperating guests to create an unbounded number of Xenstore nodes. This can exhaust Xenstore quota and lead to denial of...
CVE-2022-42322
CVE-2022-42322 concerns Xenstore: cooperating guests can create an arbitrary number of Xenstore nodes. The issue arises after the XSA-322 fix, where any Xenstore node owned by a removed domain can be reassigned to Dom0. A malicious pair of guests can exploit this by: (1) host A lets host B write ...
CVE-2022-42322
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2022-42326
Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-42326
Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-42325
Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
PT-2022-7319 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue allows guests to create an arbitrary number of nodes via transactions. If a node is created in a transaction and later deleted in the same transaction, the transaction will be...
CVE-2022-42322
Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...
CVE-2016-7570
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...
USN-2209-1: libvirt vulnerabilities
It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. CVE-2013-6456 Marian Krcmarik discovered that libvirt incorrectly handled seamless...
CVE-2012-5543
The CVE-2012-5543 issue affects the Drupal Feeds module (7.x-2.x) prior to 7.x-2.0-alpha6. The root cause is improper permission checks when a field is mapped to the node author, enabling remote attackers to create arbitrary nodes via a crafted source feed. Affected software is the Feeds module f...
CVE-2007-2170
CVE-2007-2170 affects Oracle E-Business Suite via the APPLSYS.FND_DM_NODES package. The vulnerability arises from missing session validation, allowing remote attackers to delete arbitrary nodes. The NVD notes an unauthenticated network attack with high impact (integrity and availability), CVSS v2...
CVE-2007-2170
The APPLSYS.FNDDMNODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126,...