136 matches found
PT-2022-7321 · Xenstore +1 · Xenstore +1
Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue is related to the uncontrolled allocation of resources in Xenstore, which can lead to a Denial of Service DoS of xenstored. Malicious guests can cause xenstored to allocate large...
Malicious Relayer Could Cause A Router To Provide More Liquidity Than It Should
Lines of code Vulnerability details Proof-of-Concept Assume this is a fast-transfer path and the sequencer has a good reason e.g. some sophisticated liquidity load balancing algorithm to assign 3 routers to provide liquidity for a transfer of 90 DAI Therefore, each of them will provide 30 DAI...
CLSA-2022-1643819084 Fix CVE(s): CVE-2022-23218, CVE-2022-23219
SECURITY UPDATE: buffer overflow in svcunixcreate - debian/patches/any/CVE-2022-23218.patch: check whether AFUNIX socket path length doesn't exceed storage size - CVE-2022-23218 SECURITY UPDATE: buffer overflow in clntcreate - debian/patches/any/CVE-2022-23219.patch: check whether AFUNIX socket...
The vulnerability of the XMPP Dino chat client, related to deficiencies in path name limitation, allows attackers to compromise data integrity.
The vulnerability of the XMPP Dino chat client is related to a bug in URI-encoded path separators. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...
RHEL 7 : pki-core (RHSA-2021:0975)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0975 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core:...
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...
pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page
A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...
CVE-2020-25843
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege...
Design/Logic Flaw
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege...
CVE-2020-25843 CHANGING Inc. NHIServiSignAdapter Windows Versions - Heap Overflow
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege...
NHIServiSignAdapter Buffer Error Vulnerability
Panorama NHIServiSignAdapter is a security control component for panoramic surveillance devices from China Panorama. A security vulnerability exists in NHIServiSignAdapter that stems from a failure to validate the length of the path to a digital certificate file, which would result in a heap...
Fedora 32 : xen (2020-df772b417b)
xenstore watch notifications lacking permission checks XSA-115, CVE-2020-29480 1908091 Xenstore: new domains inheriting existing node permissions XSA-322, CVE-2020-29481 1908095 Xenstore: wrong path length check XSA-323, CVE-2020-29482 1908096 Xenstore: guests can crash xenstored via watchs...
ALPINE-CVE-2020-29482
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...
UBUNTU-CVE-2020-29482
An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...
Xenstore: wrong path length check
ISSUE DESCRIPTION A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored...
ALPINE-CVE-2020-8252
The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...
DEBIAN-CVE-2020-8252
The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...
UBUNTU-CVE-2020-8252
The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1533)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...