46 matches found
libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited...
libvirt: Potential denial of service via active pool without target path
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...
libvirt: Potential denial of service via active pool without target path
A NULL pointer dereference was found in the libvirt API responsible for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like gluster and RBD. Unprivileged users with a read-only connection...
Updated libvirt packages fix security vulnerability
Updated libvirt packages fix security vulnerability: It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service CVE-2020-10703. It was discovered that libvirt...
DEBIAN-CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...
Null pointer dereference
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...
USN-4371-1 libvirt vulnerabilities
It was discovered that libvirt incorrectly handled an active pool without a target path. A remote attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. CVE-2020-10703 It was discovered that libvirt incorrectly handled memory when retrieving certain...
UBUNTU-CVE-2020-10703
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools li...
PT-2020-6312 · Libvirt +8 · Libvirt +8
Name of the Vulnerable Software and Affected Versions: libvirt versions 3.10.0 through 5.x Description: A NULL pointer dereference was found in the libvirt API for fetching a storage pool based on its target path. This flaw affects storage pools created without a target path, such as network-base...
The vulnerabilities of the DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler components of the Symfony software development and web application management platform allow attackers to carry out phishing attacks and gain access to protected information.
The vulnerability of the DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler components in the Symfony software development and management platform involves generating a response parameter targetpath without verifying the path. Exploiting this vulnerability allows attacker...
CVE-2019-4357
When using IBM Spectrum Protect Plus 10.1.0, 10.1.2, and 10.1.3 to protect Oracle, DB2 or MongoDB databases, a redirected restore operation specifying a target path may allow execution of arbitrary code on the system. IBM X-Force ID: 161667,...
CVE-2018-12559
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp mpOk is insufficient. A regular user can consequently mount a CIFS filesystem anywhere e.g., outside of the /home directory tree by passing directory traversal sequenc...
UBUNTU-CVE-2017-16652
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...
DEBIAN-CVE-2017-16652
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...
CVE-2017-16652
An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the targetpath parameter and generates a redirect response, but no check is...
CVE-2017-2693
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier...
CVE-2017-2693
ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versions,ALE-L21C10B150 and earlier versions,ALE-L21C185B200 and earlier versions,ALE-L21C432B214 and earlier versions,ALE-L21C464B150 and earlier versions,ALE-L21C636B200 and earlier versions,ALE-L23C605B190 and earlier...
Huawei EMUI Path Traversal Vulnerability
Huawei EMUI is a set of intelligent terminal human-computer interaction system based on the Android platform developed by China's Huawei Huawei. A path traversal vulnerability exists in Huawei EMUI version 3.1, which originates from the program's failure to adequately verify the path of a specifi...
SQL injection vulnerability exists in the page /target/lres/message/index.html?t_id=116 of the generic reader education system of Nanjing Oncor Technology Co.
Nanjing Oncor Technology Co., Ltd Esmay Reader Education System is a set of library reader education system. A SQL injection vulnerability exists in the page /target/lres/message/index.html?tid=116 of the general-purpose reader education system of Nanjing ONC Technology Co. An attacker can remote...