Gwyn's Imagemap Selector Security Vulnerabilities

redhat

(RHSA-2023:3095) Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

7.2AI Score

0.001EPSS

2023-05-16 09:15 AM
almalinux

Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5CVSS

7.2AI Score

0.001EPSS

2023-05-16 12:00 AM
osv

Moderate: libreswan security and bug fix update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5CVSS

7.5AI Score

0.001EPSS

2023-05-16 12:00 AM
nessus

RHEL 8 : libreswan (RHSA-2023:3095)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3095 advisory. libreswan: remote DoS via crafted TS payload with an incorrect selector length (CVE-2023-23009) Note that Nessus has not tested for this issue but...

6.6AI Score

0.001EPSS

2023-05-16 12:00 AM
nessus

AlmaLinux 9 : libreswan (ALSA-2023:2633)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2023:2633 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.1AI Score

0.001EPSS

2023-05-14 12:00 AM
code423n4

Missing Proposal Validations in Funding Contract.

Lines of code https://github.com/code-423n4/2023-05-ajna/blob/276942bc2f97488d07b887c8edceaaab7a5c3964/ajna-grants/src/grants/base/Funding.sol#L52-L66 Vulnerability details Impact The Funding.sol contract's _validateCallDatas function validates the targets, values, and calldatas parameters for a...

7.1AI Score

2023-05-11 12:00 AM
nessus

RHEL 9 : libreswan (RHSA-2023:2633)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:2633 advisory. libreswan: remote DoS via crafted TS payload with an incorrect selector length (CVE-2023-23009) Note that Nessus has not tested for this issue but...

6.6AI Score

0.001EPSS

2023-05-11 12:00 AM
ubuntu

css-what vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Ubuntu 16.04 ESM Packages node-css-what - A CSS selector parser Details It was discovered that css-what incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker...

7.5CVSS

7.8AI Score

0.002EPSS

2023-05-10 12:00 AM
redhat

(RHSA-2023:2633) Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

7.5AI Score

0.001EPSS

2023-05-09 10:14 AM
osv

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5CVSS

7.5AI Score

0.001EPSS

2023-05-09 12:00 AM
almalinux

Moderate: libreswan security update

Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).....

6.5CVSS

6.6AI Score

0.001EPSS

2023-05-09 12:00 AM
osv

vyper vulnerable to storage allocator overflow

Impact The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following: ```vyper owner: public(address) take_up_some_space: public(uint256[10]) buffer: public(uint256[max_value(uint256)]) @external def initialize(): self.owner =...

7.5CVSS

7.6AI Score

0.001EPSS

2023-05-05 10:22 PM
github

vyper vulnerable to storage allocator overflow

Impact The storage allocator does not guard against allocation overflows. This can result in vulnerabilities like the following: ```vyper owner: public(address) take_up_some_space: public(uint256[10]) buffer: public(uint256[max_value(uint256)]) @external def initialize(): self.owner =...

7.5CVSS

7.3AI Score

0.001EPSS

2023-05-05 10:22 PM
githubexploit

9.8CVSS

9.8AI Score

0.971EPSS

2023-04-25 08:51 PM
ibm

Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7

Summary cURL libcurl, Apache Xerces2 Java, Apache Jena, Spring Framework, json-smart-v1 and json-smart-v2 , libxml2, Apache Standard Taglibs , Apache ActiveMQ, Apache Commons Codec are identified as vulnerable components with multiple reported vulnerabilities, listed below. The IBM® Engineering...

9.8CVSS

10.2AI Score

0.975EPSS

2023-04-25 08:12 AM
veracode

Interpretation Conflict

@openzeppelin/contracts is vulnerable to Interpretation Conflict. The vulnerability exists because the TransparentUpgradeableProxy clashing selector calls may not be delegated if the clashing function has a different signature with incompatible ABI encoding, which could lead to proxy revert while.....

5.3CVSS

5.4AI Score

0.001EPSS

2023-04-24 02:52 AM
nessus

Fedora 38 : libreswan (2023-a2348480cb)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-a2348480cb advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.1AI Score

0.001EPSS

2023-04-24 12:00 AM
nessus

Fedora 37 : libreswan (2023-42ec148952)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-42ec148952 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.1AI Score

0.001EPSS

2023-04-24 12:00 AM
osv

org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection

Impact A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. Patches The vulnerability...

9CVSS

7.2AI Score

0.004EPSS

2023-04-20 10:04 PM
github

org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection

Impact A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. Patches The vulnerability...

9CVSS

7.3AI Score

0.004EPSS

2023-04-20 10:04 PM
cve

CVE-2023-29519

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

9CVSS

9.1AI Score

0.004EPSS

2023-04-19 12:15 AM
osv

CVE-2023-29519

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

9CVSS

9.4AI Score

0.004EPSS

2023-04-19 12:15 AM
nvd

CVE-2023-29519

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

8.8CVSS

9.6AI Score

0.004EPSS

2023-04-19 12:15 AM
prion

Remote code execution

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

8.8CVSS

9.2AI Score

0.004EPSS

2023-04-19 12:15 AM
cvelist

CVE-2023-29519 Code injection in org.xwiki.platform:xwiki-platform-attachment-ui

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...

9CVSS

9.8AI Score

0.004EPSS

2023-04-18 11:31 PM
osv

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS

5.5AI Score

0.001EPSS

2023-04-17 10:15 PM
nvd

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS

5.2AI Score

0.001EPSS

2023-04-17 10:15 PM
cve

CVE-2023-30541

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS

5.1AI Score

0.001EPSS

2023-04-17 10:15 PM
prion

Code injection

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS

5.2AI Score

0.001EPSS

2023-04-17 10:15 PM
cvelist

CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3CVSS

5.4AI Score

0.001EPSS

2023-04-17 09:37 PM
github

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated

Impact A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from.....

5.3CVSS

5.9AI Score

0.001EPSS

2023-04-17 04:45 PM
osv

OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated

Impact A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding, the proxy could revert while attempting to decode the arguments from.....

5.3CVSS

5.9AI Score

0.001EPSS

2023-04-17 04:45 PM
openvas

Mageia: Security Advisory (MGASA-2023-0089)

The remote host is missing an update for...

6.5CVSS

6.7AI Score

0.001EPSS

2023-03-28 12:00 AM
githubexploit

Exploit for Authentication Bypass by Capture-replay in Microsoft

CVE-2023-23397 This script allows to create TNEF-encoded...

9.8CVSS

9.9AI Score

0.922EPSS

2023-03-22 11:00 AM
code423n4

Use safeTransferFrom() instead of transferFrom() in function NeoTokyoStaker._assetTransferFrom()

Lines of code Vulnerability details Impact Some ERC-20 tokens do not revert on failure (such as ZRX). Instead, they would just return a boolean false. In function NeoTokyoStaker._assetTransferFrom(), the check success is only checking whether the low-level call is successful or not. If the ERC-20.....

6.8AI Score

2023-03-15 12:00 AM
mageia

Updated libreswan packages fix security vulnerability

A change in the libreswan 4.2 Traffic Selector parsing code introduced a missing check that would reject malformed Traffic Selector payloads. As such, in such case the code stumbles on to hit a double free, leading to a crash and restart of the pluto daemon. No remote code execution....

6.5CVSS

6.9AI Score

0.001EPSS

2023-03-11 10:00 PM
nessus

Debian DSA-5368-1 : libreswan - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5368 advisory. Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length....

6.2AI Score

0.001EPSS

2023-03-03 12:00 AM
redhatcve

CVE-2023-23009

A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of...

6.5CVSS

6.2AI Score

0.001EPSS

2023-02-27 12:29 PM
veracode

Denial Of Service (DoS)

efox is vulnerable to Denial of Service (DoS) attacks. A remote attacker is able to cause denial of service conditions via crafted TS payload with an incorrect selector...

6.5CVSS

6.3AI Score

0.001EPSS

2023-02-25 09:19 PM
debiancve

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.2AI Score

0.001EPSS

2023-02-21 04:15 PM
nvd

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.3AI Score

0.001EPSS

2023-02-21 04:15 PM
cve

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.2AI Score

0.001EPSS

2023-02-21 04:15 PM
alpinelinux

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.6AI Score

0.001EPSS

2023-02-21 04:15 PM
osv

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.4AI Score

0.001EPSS

2023-02-21 04:15 PM
prion

Code injection

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.3AI Score

0.001EPSS

2023-02-21 04:15 PM
cvelist

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.7AI Score

0.001EPSS

2023-02-21 12:00 AM
ubuntucve

CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector...

6.5CVSS

6.2AI Score

0.001EPSS

2023-02-21 12:00 AM
intel

Intel® Ethernet Controllers and Adapters Advisory

Summary: A potential security vulnerability in some Intel® Ethernet Controllers and Adapters may allow denial of service. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-36382 Description: Out-of-bounds write in firmware for...

2.3AI Score

0.0004EPSS

2023-02-14 12:00 AM
oraclelinux

Unbreakable Enterprise kernel security update

[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...

8.8CVSS

9.6AI Score

0.001EPSS

2023-02-14 12:00 AM
oraclelinux

Unbreakable Enterprise kernel-container security update

[5.4.17-2136.316.7] - runtime revert of virtio_net: Stripe queue affinities across cores. (Konrad Rzeszutek Wilk) [Orabug: 35001045] [5.4.17-2136.316.6] - block: Change the granularity of io ticks from ms to ns (Gulam Mohamed) [Orabug: 34780807] - powercap: intel_rapl: support new layout of...

8.8CVSS

9.6AI Score

0.001EPSS

2023-02-14 12:00 AM
Total number of security vulnerabilities: 1696