Lucene search
+L

35 matches found

Xen Project
Xen Project
added 2022/11/01 12:0 p.m.99 views

Xenstore: Cooperating guests can create arbitrary numbers of nodes

ISSUE DESCRIPTION Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's...

5.5CVSS1.9AI score0.00277EPSS
Exploits0
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.31 views

CVE-2022-42323

Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...

7AI score0.00277EPSS
Exploits0References8
CVE
CVE
added 2022/11/01 12:0 a.m.94 views

CVE-2022-42323

CVE-2022-42323 concerns Xenstore in the Xen hypervisor. The issue arises after the XSA-322 fix: any Xenstore node owned by a removed domain is reassigned to Dom0, enabling two cooperating guests to create an unbounded number of Xenstore nodes. This can exhaust Xenstore quota and lead to denial of...

5.5CVSS6.5AI score0.00277EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2022/11/01 12:0 a.m.99 views

CVE-2022-42322

CVE-2022-42322 concerns Xenstore: cooperating guests can create an arbitrary number of Xenstore nodes. The issue arises after the XSA-322 fix, where any Xenstore node owned by a removed domain can be reassigned to Dom0. A malicious pair of guests can exploit this by: (1) host A lets host B write ...

5.5CVSS6.5AI score0.00277EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.35 views

CVE-2022-42322

Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...

7AI score0.00277EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.36 views

CVE-2022-42326

Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...

7.2AI score0.00277EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/11/01 12:0 a.m.5 views

CVE-2022-42326

Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...

5.5AI score0.00277EPSS
Exploits0References8
Cvelist
Cvelist
added 2022/11/01 12:0 a.m.32 views

CVE-2022-42325

Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...

7.2AI score0.00277EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.2 views

PT-2022-7319 · Xenstore +1 · Xenstore +1

Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue allows guests to create an arbitrary number of nodes via transactions. If a node is created in a transaction and later deleted in the same transaction, the transaction will be...

8.8CVSS6.3AI score0.00375EPSS
Exploits0References148
Debian CVE
Debian CVE
added 2022/11/01 12:0 a.m.66 views

CVE-2022-42322

Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...

5.5CVSS6.8AI score0.00277EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2016/10/03 6:59 p.m.20 views

CVE-2016-7570

Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes...

4.3CVSS6.1AI score0.01678EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2014/05/07 5:52 p.m.62 views

USN-2209-1: libvirt vulnerabilities

It was discovered that libvirt incorrectly handled symlinks when using the LXC driver. An attacker could possibly use this issue to delete host devices, create arbitrary nodes, and shutdown or power off the host. CVE-2013-6456 Marian Krcmarik discovered that libvirt incorrectly handled seamless...

5.8CVSS7.2AI score0.00573EPSS
Exploits1
CVE
CVE
added 2012/12/03 9:0 p.m.42 views

CVE-2012-5543

The CVE-2012-5543 issue affects the Drupal Feeds module (7.x-2.x) prior to 7.x-2.0-alpha6. The root cause is improper permission checks when a field is mapped to the node author, enabling remote attackers to create arbitrary nodes via a crafted source feed. Affected software is the Feeds module f...

4.3CVSS7AI score0.01168EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/04/24 8:0 p.m.62 views

CVE-2007-2170

CVE-2007-2170 affects Oracle E-Business Suite via the APPLSYS.FND_DM_NODES package. The vulnerability arises from missing session validation, allowing remote attackers to delete arbitrary nodes. The NVD notes an unauthenticated network attack with high impact (integrity and availability), CVSS v2...

9.4CVSS6.2AI score0.0386EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2007/04/24 8:0 p.m.28 views

CVE-2007-2170

The APPLSYS.FNDDMNODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126,...

6.1AI score0.0386EPSS
Exploits0References6
Rows per page
Query Builder