
21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-0077

Malware in sbrugna...

6.8 CVSS | 6.1 AI score | 0.01379 EPSS
Exploits 0 | References 5
Github Security Blog
added 2022/05/17 4:50 a.m. | 21 views

OpenStack Nova Router metadata queries are not restricted by tenant

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5 CVSS | 6.9 AI score | 0.00563 EPSS
Exploits 1 | References 12 | Affected Software 1
CVE
added 2022/03/07 9:56 p.m. | 101 views

CVE-2022-25219

CVE-2022-25219/25218 describe a flaw in the telnetd_startup routine where the use of RSA without padding (or OAEP) enables an unauthenticated attacker on the local network to influence the decrypted plaintext via crafted UDP packets, potentially gaining a root shell. The 25219 issue centers on a ...

8.4 CVSS | 7.9 AI score | 0.00147 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2022/03/07 9:50 p.m. | 12 views

CVE-2022-25218

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

8.2 AI score | 0.01564 EPSS
Exploits 1 | References 1
Prion
added 2020/12/17 7:15 p.m. | 20 views

Design/Logic Flaw

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource...

6.8 CVSS | 8.6 AI score | 0.06186 EPSS
Exploits 1 | References 10 | Affected Software 25
Veracode
added 2019/01/15 8:57 a.m. | 22 views

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive...

5 CVSS | 5.4 AI score | 0.00563 EPSS
Exploits 1 | References 16 | Affected Software 1
Cvelist
added 2014/05/30 6:0 p.m. | 24 views

CVE-2014-3227

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to...

6.4 AI score | 0.00385 EPSS
Exploits 0 | References 3
CVE
added 2014/05/30 6:0 p.m. | 62 views

CVE-2014-3227

The CVE-2014-3227 entry concerns dpkg components: dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 may rely on a patch program’s handling of the C-style encoded filenames feature. If the patch program is noncompliant, this leads to an interaction error that enables a directory travers...

6.4 CVSS | 6.6 AI score | 0.00385 EPSS
Exploits 0 | References 3 | Affected Software 1
NVD
added 2014/02/06 10:55 p.m. | 13 views

CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies...

4.3 CVSS | 6 AI score | 0.00375 EPSS
Exploits 0 | References 5
Cvelist
added 2014/02/06 10:0 p.m. | 18 views

CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies...

6 AI score | 0.00375 EPSS
Exploits 0 | References 5
CVE
added 2014/02/06 10:0 p.m. | 46 views

CVE-2014-0815

The CVE-2014-0815 issue concerns Opera for Android versions before 18, where the browser’s URL/intent-scheme handling contains an interaction error that can disclose local data such as stored cookies. The affected component is Opera’s URL implementation, and exploitation would involve processing ...

4.3 CVSS | 6.1 AI score | 0.00375 EPSS
Exploits 0 | References 5 | Affected Software 1
NVD
added 2014/01/07 6:55 p.m. | 18 views

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5 CVSS | 6.2 AI score | 0.00563 EPSS
Exploits 1 | References 7
Prion
added 2014/01/07 6:55 p.m. | 17 views

Design/Logic Flaw

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5 CVSS | 6.7 AI score | 0.00563 EPSS
Exploits 1 | References 7 | Affected Software 1
Debian CVE
added 2014/01/07 6:0 p.m. | 18 views

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5 CVSS | 6.1 AI score | 0.00563 EPSS
Exploits 1
CVE
added 2014/01/07 6:0 p.m. | 63 views

CVE-2013-6419

CVE-2013-6419 affects OpenStack Nova and Neutron. The vulnerability arises from a missing authorization check on the device ID bound to a port, allowing remote tenants to retrieve metadata by spoofing that device ID. Affected components include Nova’s api/metadata/handler.py and Neutron’s neutro...

5 CVSS | 6.2 AI score | 0.00563 EPSS
Exploits 1 | References 7 | Affected Software 1
UbuntuCve
added 2013/12/11 3:0 p.m. | 21 views

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

5 CVSS | 5.9 AI score | 0.00563 EPSS
Exploits 1 | References 2
Debian CVE
added 2012/10/06 10:0 p.m. | 20 views

CVE-2012-1618

Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to...

7.5 CVSS | 7.4 AI score | 0.019 EPSS
Exploits 1
UbuntuCve
added 2009/01/07 7:30 p.m. | 19 views

CVE-2009-0068

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by...

6.8 CVSS | 6 AI score | 0.01379 EPSS
Exploits 0 | References 1
Prion
added 2009/01/07 7:30 p.m. | 11 views

Design/Logic Flaw

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by...

6.8 CVSS | 8 AI score | 0.01379 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2009/01/07 7:0 p.m. | 18 views

CVE-2009-0068

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by...

7.4 AI score | 0.01379 EPSS
Exploits 0 | References 3