PT-2023-8274 · Amd +1 · Amd Asp Handler +1
Name of the Vulnerable Software and Affected Versions: AMD ASP Handler affected versions not specified Description: The issue is related to improper address validation in ASP with SNP enabled, which may allow an attacker to compromise guest memory integrity. It is also described as a buffer...
Wrong errors degrade UX
Lines of code Vulnerability details Impact If the beneficiary of the order is address(0), it will revert popping up the error InvalidAmount. This is bad as the UI will show the users they put wrong either the collateral amount or the USDe amount, when those values may be correct. Proof of Concept...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Inetutils vulnerability (USN-5177-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5177-1 advisory. It was discovered that Inetutils did not properly check the response of ftp requests. A remote attacker could use this vulnerability to...
CVE-2023-44190
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded ...
CVE-2023-44189
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to...
CVE-2023-44190 Junos OS Evolved: PTX10001, PTX10004, PTX10008, PTX10016: MAC address validation bypass vulnerability
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded ...
CVE-2023-44190
CVE-2023-44190 concerns an Origin Validation vulnerability in MAC address validation on Juniper Networks Junos OS Evolved for PTX10001/PTX10004/PTX10008/PTX10016. The root cause is bypass of MAC address checking, allowing a network-adjacent attacker to forward MAC addresses not intended for the a...
CVE-2023-44189 Junos OS Evolved: PTX10003 Series: MAC address validation bypass vulnerability
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to...
CVE-2023-44189
CVE-2023-44189 affects Juniper Networks Junos OS Evolved on PTX10003 Series. The issue is an Origin Validation vulnerability in MAC address validation that lets a network-adjacent attacker bypass MAC checks, causing MACs not intended for the adjacent LAN to be forwarded to the downstream network,...
No address validation can lead to unexpected behaviour
Lines of code Vulnerability details Background With the implementation of the ERC20Multidelegate contract, it will be possible to delegate your voting power to multiple recipients in one transaction. A user can call ERC20MultiDelegate.delegateMulti to initiate this multi-delegation: source:...
Incorrect Addresses will be returned via retrieveProxyContractAddress() possibly bricking delegations.
Lines of code Vulnerability details The retrieveProxyContractAddress function is used to retrieve the address where it casts a bytes32 to an address type. function retrieveProxyContractAddress ERC20Votes token, address delegate private view returns address bytes memory bytecode = abi.encodePacked...
PT-2023-6301 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.4R3-S5-EVO Juniper Networks Junos OS Evolved 22.1 versions prior to 22.1R3-S4-EVO Juniper Networks Junos OS Evolved 22.2 versions 22.2R1-EVO and later Juniper Networks Junos OS Evolved 22...
The vulnerability of the allowed_urls configuration in the PyTorch TorchServe training and scaling tool allows an attacker to perform an SSRF attack.
The vulnerability of the allowed_urls configuration in PyTorch TorchServe’s model servicing and scaling tools is related to insufficient validation of incoming requests during URL verification. Exploiting this vulnerability could allow a remote attacker to execute an SSRF attack...
PT-2023-6228 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved on PTX10003 Series versions prior to 21.4R3-S4-EVO Juniper Networks Junos OS Evolved on PTX10003 Series version 22.1 versions prior to 22.1R3-S3-EVO Juniper Networks Junos OS Evolved on PTX10003 Series versio...
Medium: php
Issue Overview: Several flaws have been found in php. The pdofirebase module does not check the length of the server version string in a response packet causing a stack buffer overflow, does not verify the data and uses the wrong type to cast length leading to a crash, and does not validate the...
Absence of zero address checks for roles passed to the initialize function.
Lines of code Vulnerability details Impact The initialize function accepts various roles as part of the roles parameter SecurityCouncilManagerRoles. However, it doesn't validate whether any of these role addresses are set to the zero address address(0). This omission might result in inadvertently...
SUSE CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
UBUNTU-CVE-2023-29456
URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...
Contract can be initialized with arbitrary or non functional address
Lines of code Vulnerability details Impact An attacker can pass invalid addresses to the initialize function, potentially leading to unexpected behavior and security vulnerabilities in the contract Proof of Concept The initialize function is intended to be called only once to initialize the...