86 matches found
CVE-2022-42309
Xenstore: Guests can crash xenstored. Due to a bug in the fix of XSA-115 a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be...
CVE-2012-5543
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed...
UBUNTU-CVE-2022-49664
In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create. Shuang Li reported a NULL pointer dereference crash: BUG: kernel NULL pointer dereference, address: 0000000000000068 RIP: 0010:tipc_link_is_up+0x5/0x10 tipc Call Trace:...
CVE-2022-49664 tipc: move bc link creation back to tipc_node_create
In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipc_node_create. Shuang Li reported a NULL pointer dereference crash: BUG: kernel NULL pointer dereference, address: 0000000000000068 RIP: 0010:tipc_link_is_up+0x5/0x10 tipc Call Trace:...
CVE-2024-50920
Insecure permissions in Silicon Labs SiLabs Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets...
CVE-2024-50920
Insecure permissions in Silicon Labs SiLabs Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets...
CVE-2024-50920
SiLabs Z-Wave Series 700/800 chips (firmware version 7.21.1) are affected by CVE-2024-50920 due to insecure permission handling that lets an attacker create a fake node by sending specially crafted packets. The vulnerability, described across multiple sources (NVD/Red Hat/CVE records and vendor s...
PT-2024-34455 · Silicon · Z-Wave Series 700/800
Name of the Vulnerable Software and Affected Versions: Silicon Labs SiLabs Z-Wave Series 700 and 800 version 7.21.1. Description: The issue concerns insecure permissions in the software, allowing attackers to create a fake node by supplying crafted packets. Recommendations: For Silicon Labs SiLabs...
UBUNTU-CVE-2021-47320
In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create. When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create and nfs3_proc_mknod error paths are possibly leaked. Fix them in advance...
The vulnerability of Xenstore information storage in Xen hypervisors allows an attacker to cause a service failure.
The vulnerability of Xenstore information storage in Xen hypervisors is related to the incomplete cleanup of temporary or auxiliary resources during node creation. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of Xenstore information storage in Xen hypervisors allows an attacker to cause a service failure.
The vulnerability of Xenstore information storage in Xen hypervisors stems from memory release errors that can occur due to the creation of an arbitrary number of nodes through transactions. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2022-48661 gpio: mockup: Fix potential resource leakage when register a chip
In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip. If creation of software node fails, the locally allocated string array is left unfreed. Free it on error path...
SUSE CVE-2022-35133
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
SUSE CVE-2022-42313
Xenstore: guests can let run xenstored out of memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
SUSE CVE-2022-42312
Xenstore: guests can let run xenstored out of memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
SUSE CVE-2022-42311
Xenstore: guests can let run xenstored out of memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
SUSE CVE-2022-42316
Xenstore: guests can let run xenstored out of memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
SUSE CVE-2022-42318
Xenstore: guests can let run xenstored out of memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
SUSE CVE-2022-42326
Xenstore: Guests can create arbitrary number of nodes via transactions. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
Xenstore: Guests can crash xenstored (XSA-414)
Xenstore: a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path, resulting in a crash of xenstored or a memory corruption in xenstored causing further damage. Entering the error path can be controlled by the guest e.g. by exceeding the quota value of...