279 matches found
CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
CVE-2023-5088
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
Juniper Junos OS Vulnerability (JSA73145)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...
Design/Logic Flaw
An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...
Juniper Networks Junos OS and Junos OS QFX Security Vulnerabilities
Juniper Networks Junos OS and Juniper Networks Junos OS QFX are products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system that is specialized for use with the company's hardware devices. The operating system provides a secure programming interface and the Junos...
OPENSUSE-SU-2023:0267-1 Security update for tcpreplay
This update for tcpreplay fixes the following issues: Update to 4.4.4: overflow check fix for parsempls. tcpreplay-edit: prevent L2 flooding of ipv6 unicast packets. CVE-2023-27786: bugs caused by strtokr. boo1209416 CVE-2023-27783 reachable assert in tcpeditdltcleanup boo1209413 reachable assert...
CVE-2023-37264
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
L1SCMgmtActivationAction does not check executor role of new and prev emergency security council
Lines of code Vulnerability details Proof of Concept GovernanceChainSCMgmtActivationAction.sol checks that the newEmergencySecurityCouncil has a upgradeExecutor role whereas the prevEmergencySecurityCouncil does not have a upgradeExecutor role. GovernanceChainSCMgmtActivationAction.sol // confirm...
Check for the L2 Sequencer's uptime when calling the Chainlink feed is not implemented
Lines of code Vulnerability details Impact The getAnswer function in the LPOracle and OracleConvert contracts has a vulnerability that does not include a check for the Sequencer's uptime when calling the Chainlink feed CLTOKENA, CLTOKENB. In Layer 2 L2 systems, the Chainlink oracle may return an...
Design/Logic Flaw
An Incomplete Internal State Distinction vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service DoS. If an SRX is configured in L2 transparent mode the receipt of a specific genuine...
CVE-2023-36834 Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS
An Incomplete Internal State Distinction vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service DoS. If an SRX is configured in L2 transparent mode the receipt of a specific genuine...
CVE-2023-36834 Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS
An Incomplete Internal State Distinction vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service DoS. If an SRX is configured in L2 transparent mode the receipt of a specific genuine...
Pipelines do not validate child UIDs
Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...
CVE-2023-37264
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
Design/Logic Flaw
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
CVE-2023-37264 Pipelines do not validate child UIDs
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
CVE-2023-37264 Pipelines do not validate child UIDs
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...
No check for active Arbitrum Sequencer
Lines of code Vulnerability details Impact If the Arbitrum sequencer goes down, the stale ratio will be used during the swap. Proof of Concept readChainlinkFeed gets the price from chainlink oracle and the ratio is used during the swap. function readChainlinkFeed uint256 quoteAmount,...