16 matches found
DRUPAL-CONTRIB-2025-025
This module can be used to render Open API Documentation using the RapiDoc library. The module provides a custom formatter for link fields. Drupal core does not sufficiently sanitize link element attributes, which can lead to a Cross Site Scripting vulnerability (XSS). A separate fix for Drupal cor...
CVE-2015-7944
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
CVE-2015-7945
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job resul...
CVE-2015-7944
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
CVE-2015-7944
Ganeti’s RESTful control interface (RAPI) is vulnerable to denial of service when used in SSL mode, across multiple release lines (before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2). The issue is trigg...
CVE-2015-7944
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service resourc...
CVE-2015-7945
The CVE-2015-7945 entry describes a vulnerability in Ganeti’s RESTful control interface (RAPI/ganeti-rapi) affecting multiple release streams: 2.9.x prior to 2.9.7, 2.10.x prior to 2.10.8, 2.11.x prior to 2.11.8, 2.12.x prior to 2.12.6, 2.13.x prior to 2.13.3, 2.14.x prior to 2.14.2, and 2.15.x p...
Ganeti Denial Of Service / Information Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html Date...
Ganeti - Multiple Vulnerabilities
=begin Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html Date published: 2016-01-05 Vendors contacted: Google...
Ganeti - Multiple Vulnerabilities
Ganeti - Multiple Vulnerabilities =begin Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html Date published:...
[oCERT-2014-006] Ganeti insecure archive permission
2014-006 Ganeti insecure archive permission Description: Ganeti, an open source virtualisation manager, suffers from an insecure file permission vulnerability that leads to sensitive information disclosure. The Ganeti upgrade command 'gnt-cluster upgrade' creates an archive of the current...
Directory traversal
Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2)...
CVE-2009-4261
Ganeti CVE-2009-4261 affects the iallocator framework with path sanitization errors in Ganeti versions 1.2.4–1.2.8, 2.0.0–2.0.4, and 2.1.0 before 2.1.0~rc2. The vulnerability allows (1) remote attackers to execute arbitrary programs via a crafted external script name through the HTTP remote API (...
Fedora Update for librapi FEDORA-2008-0680
Check for the Version of librapi OpenVAS Vulnerability Test Fedora Update for librapi FEDORA-2008-0680 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
RAPI Manager Detection
The remote service supports the Remote Applications Programming Interfaces (RAPI) protocol and is used by the host to manage connections from Windows Mobile / Windows CE devices. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if descripti...
[SECURITY] Fedora 8 Update: librapi-0.11-1.fc8
The RAPI library is an open source implementation that works like RAPI.DLL, available on Microsoft operating systems. The library makes it possible to make remote calls to a computer running Pocket PC. In order to use librapi, a daemon that the Pocket PC client connects to must be running on the...