Lucene search
K

9185 matches found

Ubuntu
Ubuntu
added 2023/03/07 11:23 a.m.76 views

USN-5929-1: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

7.8CVSS7.3AI score0.06346EPSS
Exploits7
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.16 views

[NAZ-M2] ReaperVaultERC4626.sol doesn't fully conform to EIP4626 implementation

Lines of code Vulnerability details Impact Specifically the two function maxDeposit && maxMint don't fully conform to EIP4626 implementation. Proof of Concept Looking at the following from EIP4626: This assumes that the user has infinite assets, i.e. MUST NOT rely on balanceOf of asset. This goes...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/07 12:0 a.m.68 views

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1421)

According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can...

5.5CVSS7AI score0.00377EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/07 12:0 a.m.50 views

EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1406)

According to the versions of the containerd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can...

5.5CVSS7AI score0.00377EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2023/03/06 11:22 p.m.89 views

USN-5925-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.8CVSS7.2AI score0.01067EPSS
Exploits2
OpenVAS
OpenVAS
added 2023/03/06 12:0 a.m.34 views

Ubuntu: Security Advisory (USN-5915-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.9CVSS7.4AI score0.71737EPSS
Exploits11References4
Tenable Nessus
Tenable Nessus
added 2023/03/04 12:0 a.m.47 views

Ubuntu 20.04 LTS : Linux kernel (BlueField) vulnerabilities (USN-5918-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5918-1 advisory. It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote...

8.8CVSS7.7AI score0.21314EPSS
Exploits2References12
OSV
OSV
added 2023/03/03 11:47 p.m.21 views

CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument...

6.5CVSS5.8AI score0.00806EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2023/03/03 2:58 p.m.76 views

USN-5917-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.1CVSS7.7AI score0.03702EPSS
Exploits6
Ubuntu
Ubuntu
added 2023/03/03 12:49 a.m.118 views

USN-5914-1: Linux kernel (OEM) vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

8.8CVSS7.7AI score0.21314EPSS
Exploits4
Code423n4
Code423n4
added 2023/03/03 12:0 a.m.12 views

Upgraded Q -> 2 from #633 [1677880427560]

Judge has assessed an item in Issue 633 as 2 risk. The relevant finding follows: Vault contract implementation does not disable initializers The Vault.sol contract should implement disableInitializers in its constructure to prevent implementation contracts from being initialized. As this contract...

6.7AI score
Exploits0
Citrix
Citrix
added 2023/03/02 12:0 a.m.12 views

LAPS : Randomizing Local Admin Passwords in Non-persistent Environments

Use LAPS inLocal Admin Passwords for Non-persistent Environments...

7.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/03/01 10:36 p.m.24 views

nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars

Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. From the fix commit notes: Unlike the rest of nistec, the P-256 assembly doesn't use complete addition formulas, meaning that...

7.5CVSS7.2AI score0.00674EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/02/28 8:30 p.m.21 views

Ascii (crate) allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

4.4AI score
Exploits0References4Affected Software1
Schneier on Security
Schneier on Security
added 2023/02/28 12:19 p.m.55 views

Side-Channel Attack against CRYSTALS-Kyber

CRYSTALS-Kyber is one of the public-key algorithms currently recommended by NIST as part of its post-quantum cryptography standardization process. Researchers have just published a side-channel attack--using power consumption--against an implementation of the algorithm that was supposed to be...

2.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/02/28 8:22 a.m.6 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9CVSS6.7AI score0.16195EPSS
Exploits0References5
OSV
OSV
added 2023/02/25 12:0 p.m.11 views

RUSTSEC-2023-0015 Ascii allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

7.1AI score
Exploits0References3
RustSec
RustSec
added 2023/02/25 12:0 p.m.19 views

Ascii allows out-of-bounds array indexing in safe code

Affected version of this crate had implementation of From for &mut u8 and &mut str. This can result in out-of-bounds array indexing in safe code. The flaw was corrected in commit 8a6c779 by removing those impls...

4.5AI score
Exploits0Affected Software1
Code423n4
Code423n4
added 2023/02/24 12:0 a.m.13 views

changeRewardSpeed function at the MultiRewardStaking contract is incorrectly implemented and can leave the staking of a token on a denial of service state (copy)

Lines of code Vulnerability details Impact The changeRewardSpeed function from the MultiRewardStaking.sol contract lacks documentation on how exactly it should work. By its name and some comments above it, I infer that the function must change the rate of tokens rewards per unit of time. For...

6.6AI score
Exploits0
Prion
Prion
added 2023/02/23 8:15 p.m.12 views

Authentication flaw

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender FEX when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementati...

2.1CVSS5.4AI score0.00295EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder