Lucene search
K

279 matches found

NVD
NVD
added 2023/11/03 2:15 p.m.34 views

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

7CVSS6.5AI score0.00231EPSS
Exploits0References8
AlpineLinux
AlpineLinux
added 2023/11/03 2:15 p.m.34 views

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

3.5CVSS6.6AI score0.00231EPSS
Exploits0
Debian CVE
Debian CVE
added 2023/11/03 1:58 p.m.28 views

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

7CVSS6.5AI score0.00231EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/10/31 11:29 p.m.31 views

CVE-2023-5088

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

6.4CVSS6.6AI score0.00231EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/10/23 12:0 a.m.18 views

Juniper Junos OS Vulnerability (JSA73145)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA73145 advisory. - An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue...

7.5CVSS7.4AI score0.00531EPSS
Exploits0References3
Prion
Prion
added 2023/10/13 12:15 a.m.18 views

Design/Logic Flaw

An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMP...

5CVSS7.5AI score0.00531EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/10/12 12:0 a.m.5 views

Juniper Networks Junos OS and Junos OS QFX Security Vulnerabilities

Juniper Networks Junos OS and Juniper Networks Junos OS QFX are products of Juniper Networks, Inc.Juniper Networks Junos OS is a network operating system that is specialized for use with the company's hardware devices. The operating system provides a secure programming interface and the Junos...

7.5CVSS6.8AI score0.00531EPSS
Exploits0References5
OSV
OSV
added 2023/09/25 10:1 p.m.11 views

OPENSUSE-SU-2023:0267-1 Security update for tcpreplay

This update for tcpreplay fixes the following issues: Update to 4.4.4: overflow check fix for parsempls. tcpreplay-edit: prevent L2 flooding of ipv6 unicast packets. CVE-2023-27786: bugs caused by strtokr. boo1209416 CVE-2023-27783 reachable assert in tcpeditdltcleanup boo1209413 reachable assert...

7.5CVSS7.7AI score0.01506EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2023/08/21 7:19 a.m.44 views

CVE-2023-37264

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

4.3CVSS6.7AI score0.00376EPSS
Exploits1References4
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.9 views

L1SCMgmtActivationAction does not check executor role of new and prev emergency security council

Lines of code Vulnerability details Proof of Concept GovernanceChainSCMgmtActivationAction.sol checks that the newEmergencySecurityCouncil has a upgradeExecutor role whereas the prevEmergencySecurityCouncil does not have a upgradeExecutor role. GovernanceChainSCMgmtActivationAction.sol // confirm...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.60 views

Check for the L2 Sequencer's uptime when calling the Chainlink feed is not implemented

Lines of code Vulnerability details Impact The getAnswer function in the LPOracle and OracleConvert contracts has a vulnerability that does not include a check for the Sequencer's uptime when calling the Chainlink feed CLTOKENA, CLTOKENB. In Layer 2 L2 systems, the Chainlink oracle may return an...

6.8AI score
Exploits0
Prion
Prion
added 2023/07/14 6:15 p.m.24 views

Design/Logic Flaw

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service DoS. If an SRX is configured in L2 transparent mode the receipt of a specific genuine...

3.3CVSS6.3AI score0.00301EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/14 5:4 p.m.16 views

CVE-2023-36834 Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service DoS. If an SRX is configured in L2 transparent mode the receipt of a specific genuine...

6.5CVSS7AI score0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/07/14 5:4 p.m.31 views

CVE-2023-36834 Junos OS: SRX 4600 and SRX 5000 Series: The receipt of specific genuine packets by SRXes configured for L2 transparency will cause a DoS

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service DoS. If an SRX is configured in L2 transparent mode the receipt of a specific genuine...

6.5CVSS6.5AI score0.00301EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/07/07 6:46 p.m.45 views

Pipelines do not validate child UIDs

Summary Pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. We should add UID to PipelineRun status and validate that child Run status/results only come from Runs...

4.3CVSS6.7AI score0.00376EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/07/07 5:15 p.m.42 views

CVE-2023-37264

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

4.3CVSS4.1AI score0.00376EPSS
Exploits1References3
Prion
Prion
added 2023/07/07 5:15 p.m.18 views

Design/Logic Flaw

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

4CVSS4.5AI score0.00376EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/07 4:23 p.m.11 views

CVE-2023-37264 Pipelines do not validate child UIDs

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

3.7CVSS6.6AI score0.00376EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/07/07 4:23 p.m.46 views

CVE-2023-37264 Pipelines do not validate child UIDs

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child...

3.7CVSS4.8AI score0.00376EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.13 views

No check for active Arbitrum Sequencer

Lines of code Vulnerability details Impact If the Arbitrum sequencer goes down, the stale ratio will be used during the swap. Proof of Concept readChainlinkFeed gets the price from chainlink oracle and the ratio is used during the swap. function readChainlinkFeed uint256 quoteAmount,...

6.8AI score
Exploits0
Rows per page
Query Builder