Lucene search
K

46 matches found

RedHat Linux
RedHat Linux
added 2021/09/30 7:6 p.m.9 views

libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

6.5CVSS6.8AI score0.01366EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/09/30 4:59 p.m.5 views

libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API

An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...

6.5CVSS6.8AI score0.01366EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/11/04 1:30 a.m.5 views

libvirt: Potential denial of service via active pool without target path

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...

6.5CVSS7.1AI score0.02363EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/09/29 7:54 p.m.3 views

libvirt: Potential denial of service via active pool without target path

A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...

6.5CVSS7.1AI score0.02363EPSS
Exploits1References4
Mageia
Mageia
added 2020/06/10 10:26 p.m.40 views

Updated libvirt packages fix security vulnerability

Updated libvirt packages fix security vulnerability: It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service CVE-2020-10703. It was discovered that libvirt...

6.5CVSS2.4AI score0.02363EPSS
Exploits1References2
OSV
OSV
added 2020/06/02 1:15 p.m.1 views

DEBIAN-CVE-2020-10703

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...

6.5CVSS6.8AI score0.02363EPSS
Exploits1References1
Prion
Prion
added 2020/06/02 1:15 p.m.28 views

Null pointer dereference

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...

4CVSS6.3AI score0.02363EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2020/05/21 4:52 p.m.4 views

USN-4371-1 libvirt vulnerabilities

It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. CVE-2020-10703 It was discovered that libvirt incorrectly handled memory when retrieving certain...

6.5CVSS6.9AI score0.02363EPSS
Exploits1References3
OSV
OSV
added 2020/04/13 12:0 a.m.5 views

UBUNTU-CVE-2020-10703

A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...

6.5CVSS6.8AI score0.02363EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2020/01/25 12:0 a.m.4 views

PT-2020-6312 · Libvirt +8 · Libvirt +8

Name of the Vulnerable Software and Affected Versions: libvirt versions 3.10.0 through 5.x Description: A NULL pointer dereference was found in the libvirt API for fetching a storage pool based on its target path. This flaw affects storage pools created without a target path, such as network-base...

9.3CVSS6.5AI score0.04027EPSS
Exploits3References153
BDU FSTEC
BDU FSTEC
added 2019/11/19 12:0 a.m.6 views

The vulnerabilities of the DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler components of the Symfony software development and web application management platform allow attackers to carry out phishing attacks and gain access to protected information.

The vulnerability of the DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler components in the Symfony software development and management platform involves generating a response parameter targetpath without verifying the path. Exploiting this vulnerability allows attacker...

6.4CVSS6.6AI score0.00949EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2019/07/01 3:15 p.m.1 views

CVE-2019-4357

When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,...

6.7CVSS7.2AI score
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/06/19 5:29 a.m.18 views

CVE-2018-12559

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp mpOk is insufficient. A regular user can consequently mount a CIFS filesystem anywhere e.g., outside of the /home directory tree by passing directory traversal sequenc...

8.8CVSS7.2AI score0.02068EPSS
Exploits0References3
OSV
OSV
added 2018/06/13 4:29 p.m.4 views

UBUNTU-CVE-2017-16652

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...

6.1CVSS6.7AI score0.00949EPSS
Exploits0References4
OSV
OSV
added 2018/06/13 4:29 p.m.2 views

DEBIAN-CVE-2017-16652

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...

6.1CVSS6.9AI score0.00949EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2018/06/13 4:29 p.m.4 views

CVE-2017-16652

An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...

6.1CVSS5.7AI score0.00949EPSS
Exploits0References3
NVD
NVD
added 2017/11/22 7:29 p.m.23 views

CVE-2017-2693

ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier...

7.8CVSS7.6AI score0.01052EPSS
Exploits0References2
OSV
OSV
added 2017/11/22 7:29 p.m.4 views

CVE-2017-2693

ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier...

7.8CVSS5.8AI score
Exploits0References2
CNVD
CNVD
added 2017/02/10 12:0 a.m.6 views

Huawei EMUI Path Traversal Vulnerability

Huawei EMUI is a set of intelligent terminal human-computer interaction system based on the Android platform developed by China's Huawei Huawei. A path traversal vulnerability exists in Huawei EMUI version 3.1, which originates from the program's failure to adequately verify the path of a specifi...

7.8CVSS6.8AI score0.01052EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/20 12:0 a.m.3 views

SQL injection vulnerability exists in the page /target/lres/message/index.html?t_id=116 of the generic reader education system of Nanjing Oncor Technology Co.

Nanjing Oncor Technology Co., Ltd Esmay Reader Education System is a set of library reader education system. A SQL injection vulnerability exists in the page /target/lres/message/index.html?tid=116 of the general-purpose reader education system of Nanjing ONC Technology Co. An attacker can remote...

7.8AI score
Exploits0
Rows per page
Query Builder