Lucene search
K

136 matches found

Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.4 views

PT-2022-7321 · Xenstore +1 · Xenstore +1

Name of the Vulnerable Software and Affected Versions: Xenstore affected versions not specified Description: The issue is related to the uncontrolled allocation of resources in Xenstore, which can lead to a Denial of Service DoS of xenstored. Malicious guests can cause xenstored to allocate large...

8.8CVSS6AI score0.00375EPSS
Exploits0References148
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.11 views

Malicious Relayer Could Cause A Router To Provide More Liquidity Than It Should

Lines of code Vulnerability details Proof-of-Concept Assume this is a fast-transfer path and the sequencer has a good reason e.g. some sophisticated liquidity load balancing algorithm to assign 3 routers to provide liquidity for a transfer of 90 DAI Therefore, each of them will provide 30 DAI...

6.7AI score
Exploits0
OSV
OSV
added 2022/02/02 4:24 p.m.7 views

CLSA-2022-1643819084 Fix CVE(s): CVE-2022-23218, CVE-2022-23219

SECURITY UPDATE: buffer overflow in svcunixcreate - debian/patches/any/CVE-2022-23218.patch: check whether AFUNIX socket path length doesn't exceed storage size - CVE-2022-23218 SECURITY UPDATE: buffer overflow in clntcreate - debian/patches/any/CVE-2022-23219.patch: check whether AFUNIX socket...

9.8CVSS7AI score0.04729EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2021/10/05 12:0 a.m.5 views

The vulnerability of the XMPP Dino chat client, related to deficiencies in path name limitation, allows attackers to compromise data integrity.

The vulnerability of the XMPP Dino chat client is related to a bug in URI-encoded path separators. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...

5.3CVSS5.8AI score0.01766EPSS
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2021/03/23 4:57 p.m.7 views

pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

4.7CVSS6.4AI score0.00661EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/03/23 12:0 a.m.32 views

RHEL 7 : pki-core (RHSA-2021:0975)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0975 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core:...

8.1CVSS6.6AI score0.01289EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 2021/03/16 1:53 p.m.2 views

pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

4.7CVSS6.4AI score0.00661EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/03/15 1:37 p.m.4 views

pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page

A Reflected Cross Site Scripting flaw was found in the pki-ca module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser...

4.7CVSS6.4AI score0.00661EPSS
Exploits0References4
OSV
OSV
added 2020/12/31 8:15 a.m.3 views

CVE-2020-25843

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege...

9.8CVSS5.9AI score0.01895EPSS
Exploits0References1
Prion
Prion
added 2020/12/31 8:15 a.m.15 views

Design/Logic Flaw

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege...

7.5CVSS9.7AI score0.01895EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/12/31 7:45 a.m.19 views

CVE-2020-25843 CHANGING Inc. NHIServiSignAdapter Windows Versions - Heap Overflow

NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege...

8.1CVSS9.8AI score0.01895EPSS
Exploits0References1
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.8 views

NHIServiSignAdapter Buffer Error Vulnerability

Panorama NHIServiSignAdapter is a security control component for panoramic surveillance devices from China Panorama. A security vulnerability exists in NHIServiSignAdapter that stems from a failure to validate the length of the path to a digital certificate file, which would result in a heap...

9.8CVSS6.1AI score0.01895EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/28 12:0 a.m.52 views

Fedora 32 : xen (2020-df772b417b)

xenstore watch notifications lacking permission checks XSA-115, CVE-2020-29480 1908091 Xenstore: new domains inheriting existing node permissions XSA-322, CVE-2020-29481 1908095 Xenstore: wrong path length check XSA-323, CVE-2020-29482 1908096 Xenstore: guests can crash xenstored via watchs...

8.8CVSS6.3AI score0.00438EPSS
Exploits0References12
OSV
OSV
added 2020/12/15 6:15 p.m.2 views

ALPINE-CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS6.7AI score0.00385EPSS
Exploits0References1
OSV
OSV
added 2020/12/15 6:15 p.m.3 views

UBUNTU-CVE-2020-29482

An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily usi...

6CVSS5.9AI score0.00385EPSS
Exploits0References3
Xen Project
Xen Project
added 2020/12/15 12:0 p.m.48 views

Xenstore: wrong path length check

ISSUE DESCRIPTION A guest may access xenstore paths via absolute paths containing a full pathname, or via a relative path, which implicitly includes /local/domain/$DOMID for their own domain id. Management tools must access paths in guests' namespaces, necessarily using absolute paths. oxenstored...

6CVSS0.3AI score0.00385EPSS
Exploits0
OSV
OSV
added 2020/09/18 9:15 p.m.4 views

ALPINE-CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8CVSS7.4AI score0.00714EPSS
Exploits0References1
OSV
OSV
added 2020/09/18 9:15 p.m.1 views

DEBIAN-CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8CVSS6.7AI score0.00714EPSS
Exploits0References1
OSV
OSV
added 2020/09/18 9:15 p.m.2 views

UBUNTU-CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

7.8CVSS7AI score0.00714EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.42 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1533)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8CVSS8.6AI score0.22475EPSS
Exploits23References4
Rows per page
Query Builder