Lucene search
K

178 matches found

RedHat Linux
RedHat Linux
added 2024/01/25 7:58 a.m.3 views

edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler()

REJECTED CVE A secure boot bypass vulnerability was found in EDK2 due to the lack of proper return value checks in the GetEfiGlobalVariable2 function. The API may fail if functions like AllocatePool or gRT-GetVariable fail. Without verifying the return value, an attacker could cause the API to...

7.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/11/07 9:8 a.m.5 views

edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler()

REJECTED CVE A secure boot bypass vulnerability was found in EDK2 due to the lack of proper return value checks in the GetEfiGlobalVariable2 function. The API may fail if functions like AllocatePool or gRT-GetVariable fail. Without verifying the return value, an attacker could cause the API to...

7.1AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/11/06 12:15 a.m.4 views

CVE-2023-47271

PKP-WAL aka PKP Web Application Library or pkp-lib before 3.3.0-16, as used in Open Journal Systems OJS and other products, does not verify that the file named in an XML document used for the native import/export plugin is an image file, before trying to use it for an issue cover image...

5.3CVSS6AI score0.00618EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2023/10/17 12:0 a.m.21 views

Cisco IOS XR Software iPXE Boot Signature Bypass (cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB)

According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to...

7.8CVSS7.4AI score0.00095EPSS
Exploits0References7
OSV
OSV
added 2023/09/13 5:15 p.m.5 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

7.8CVSS5.8AI score0.00095EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 5:15 p.m.22 views

CVE-2023-20135

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use TOCTOU race condition when an install query regarding an ISO imag...

7CVSS6.4AI score0.00088EPSS
Exploits0References1
OSV
OSV
added 2023/09/13 5:15 p.m.3 views

CVE-2023-20135

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use TOCTOU race condition when an install query regarding an ISO imag...

7CVSS6.1AI score0.00088EPSS
Exploits0References1
NVD
NVD
added 2023/09/13 5:15 p.m.60 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

7.8CVSS6.8AI score0.00095EPSS
Exploits0References1
Prion
Prion
added 2023/09/13 5:15 p.m.27 views

Race condition

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use TOCTOU race condition when an install query regarding an ISO imag...

3.5CVSS7AI score0.00088EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/09/13 5:15 p.m.23 views

Design/Logic Flaw

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

4.3CVSS7.4AI score0.00095EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/13 4:39 p.m.11 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

6.7CVSS6.5AI score0.00095EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/13 4:39 p.m.45 views

CVE-2023-20236

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

6.7CVSS7.6AI score0.00095EPSS
Exploits0References1
CVE
CVE
added 2023/09/13 4:38 p.m.87 views

CVE-2023-20135

Cisco IOS XR Software image verification checks contain a TOCTOU race condition during ISO image install queries, enabling an authenticated, local attacker to execute arbitrary code on the device. Affected component: image verification logic in IOS XR. Root cause: TOCTOU between ISO image modific...

7CVSS7AI score0.00088EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/13 4:38 p.m.13 views

CVE-2023-20135

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use TOCTOU race condition when an install query regarding an ISO imag...

5.7CVSS7.4AI score0.00088EPSS
Exploits0References1
Cisco
Cisco
added 2023/09/13 4:0 p.m.31 views

Cisco IOS XR Software iPXE Boot Signature Bypass Vulnerability

A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating...

6.7CVSS6.8AI score0.00095EPSS
Exploits0References1
Cisco
Cisco
added 2023/09/13 4:0 p.m.47 views

Cisco IOS XR Software Image Verification Vulnerability

A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use TOCTOU race condition when an install query regarding an ISO imag...

5.7CVSS6.4AI score0.00088EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/13 12:0 a.m.3 views

PT-2023-5460 · Cisco · Cisco Ios Xr

Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software affected versions not specified Description: A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system...

7CVSS6.9AI score0.00088EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.5 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software that originates from an erro...

6.8CVSS6.6AI score0.00375EPSS
Exploits0References2
OSV
OSV
added 2022/12/27 6:24 p.m.31 views

GO-2022-1180 Verification rule bypass in github.com/kyverno/kyverno

A malicious proxy/registry can bypass verifyImages rules...

8.1CVSS8AI score0.00956EPSS
Exploits0References2
OSV
OSV
added 2022/12/21 5:24 p.m.21 views

GHSA-M3CQ-XCX9-3GVM kyverno verifyImages rule bypass possible with malicious proxy/registry

Impact Users of Kyverno on versions 1.8.3 or 1.8.4 who use verifyImages rules to verify container image signatures, and do not prevent use of unknown registries. Patches This issue has been fixed in version 1.8.5 Workarounds Configure a Kyverno policy to restrict registries to a set of secure...

8.1CVSS8AI score0.00956EPSS
Exploits0References10
Rows per page
Query Builder