UBUNTU-CVE-2022-42313
Xenstore: guests can let run xenstored out of memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in a Denial of Service...
PT-2022-7323 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore versions prior to the fix of XSA-322. Description: The issue allows cooperating guests to create an arbitrary number of Xenstore nodes. This is possible when one domain lets another write into its local Xenstore tree, creating many...
PT-2022-7335 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore, affected versions not specified. Description: The issue is related to a bug in the fix of XSA-115, where a malicious guest can cause xenstored to use a wrong pointer during node creation in an error path. This can result in a crash of...
Xen security vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime. Guest is an application product. Xen...
PT-2022-7332 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore, affected versions not specified. Description: The issue is related to errors in memory release due to the creation of an arbitrary number of nodes via transactions. This can enable a malicious guest to create an arbitrary number of...
PT-2022-7324 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore, affected versions not specified. Description: The issue allows cooperating guests to create an arbitrary number of Xenstore nodes. This is possible when one guest lets another write into its local Xenstore tree, creating many nodes an...
CVE-2022-42325
Xenstore: Guests can create arbitrary number of nodes via transactions. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-35133
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
Cross site scripting
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node...
CherryTree cross-site scripting vulnerability
CherryTree is a hierarchical note-taking application by the individual developer Giuseppe Penone in the UK, with rich text and syntax highlighting, storing data in a single XML or SQLite file. A security vulnerability exists in CherryTree version v0.99.30, which stems from a vulnerability that...
PT-2022-22591 · Unknown · Cherrytree
Name of the Vulnerable Software and Affected Versions: CherryTree version 0.99.30. Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. Recommendations: For...
CVE-2021-28626
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 and below is affected by an Improper Authorization vulnerability allowing users to create nodes under a location. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service...
CVE-2012-5518
vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key and certificate...
CVE-2012-5518
CVE-2012-5518 concerns Red Hat VDSM: certificate generation during node creation allows the daemon to start and serve requests from anyone with a matching key/certificate. The NVD entry lists a CVSS base score of 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N; 3.1: CVSS:3.1 base 7.5, HIGH impact on integrity) a...
Mandriva Linux Security Advisory : libvirt (MDVSA-2015:115)
Updated libvirt packages fix security vulnerabilities: The LXC driver (lxc/lxcdriver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the...
Pexip Infinity static ssh keys
A static SSH key is used on node creation...
[SECURITY] Fedora 15 Update: drupal7-field_permissions-1.0-0.2.beta2.fc15
The Field Permissions module is a drop-in replacement for the Content Permissions module shipped with CCK. It allows site administrators to set field-level permissions to edit or view CCK fields in any node, and optionally (new feature compared to Content Permissions module), edit field during node...