23 matches found
EUVD-2022-1935
Malicious code in bioql PyPI...
Exceeding XenAPI Session Limit Causes Pool Instability
XenAPI Session The session limit of XenAPI process XAPI is 400. When the limit is exceeded, the oldest session is terminated. The oldest session might be active and in use. When the session is terminated, the client using that session gets disconnected without notification. Note: Clients can be...
SUSE CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
OpenStack Compute Nova Improper Access Control
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
Authorization Bypass
openstack-nova is vulnerable to authorization bypass attacks. The vulnerability exists as the XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attacke...
XenAPI For XenForo 1.4.1 SQL Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenAPI for XenForo Vendor URL: github.com/Contex/XenAPI Type: SQL Injection CWE-89 Date found: 2016-05-20 Date published: 2016-05-23 CVSSv3 Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE...
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
XenAPI 1.4.1 for XenForo - Multiple SQL Injections RCESEC-2016-002 XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenAPI for XenForo Vendor URL: github.com/Contex/XenAPI...
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: XenAPI for XenForo Vendor URL: github.com/Contex/XenAPI Type: SQL Injection CWE-89 Date found: 2016-05-20 Date published: 2016-05-23 CVSSv3 Score: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
RCESEC-2016-002 XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenAPI for XenForo Vendor URL: github.com/Contex/XenAPI Type: SQL Injection CWE-89 Date found: 2016-05-20 Da...
openstack-nova: XenAPI security groups not kept through migrate or resize
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, whic...
Fedora 19 : openstack-nova-2013.1.5-1.fc19 (2014-4188)
Update to stable/grizzly release 2013.1.5 - Keep XenAPI security groups through migrate and resize - CVE-2013-4497 - Secure directory permissions in snapshots - CVE-2013-7048 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisor...
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
DEBIAN-CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
Design/Logic Flaw
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
CVE-2013-4497
Summary: CVE-2013-4497 affects the XenAPI backend of OpenStack Compute (Nova) in Folsom/Grizzly/Havana before 2013.2. The issue is that security groups were not properly reapplied after certain operations (resize or live migration), potentially exposing affected VM instances to unintended network...