Lucene search
+L

167 matches found

Prion
Prion
added 2024/02/13 8:15 p.m.23 views

Information disclosure

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

6.9AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2024/02/13 8:15 p.m.9 views

UBUNTU-CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

6CVSS6.5AI score0.00309EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/13 7:18 p.m.44 views

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

6.6AI score0.00309EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/13 7:18 p.m.25 views

CVE-2023-31346

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests...

6.5AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/19 12:0 a.m.4 views

PT-2024-12275

Name of the Vulnerable Software and Affected Versions SEV Firmware affected versions not specified Description The issue is related to the failure to initialize memory in SEV Firmware, which may allow a privileged attacker to access stale data from other guests. Recommendations At the moment, the...

6CVSS5.6AI score0.00309EPSS
Exploits0References21
RedHat Linux
RedHat Linux
added 2023/11/28 3:40 p.m.4 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

6.5CVSS6.8AI score0.03882EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2023/11/07 9:3 a.m.6 views

hw: Intel: Gather Data Sampling (GDS) side channel vulnerability

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core...

6.5CVSS6.8AI score0.03882EPSS
Exploits1References6
Veracode
Veracode
added 2023/08/10 11:12 p.m.30 views

Information Disclosure

IntelR Processors are vulnerable to Information Disclosure. This vulnerability occurs when an attacker uses a specially crafted instruction to access stale data from previously used vector registers on the same physical core. This could allow the attacker to infer sensitive information, such as...

6.5CVSS6.5AI score0.03882EPSS
Exploits1References20Affected Software3
Amazon
Amazon
added 2023/08/09 12:0 a.m.7 views

Medium: microcode_ctl

Issue Overview: A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical...

6.5CVSS7.1AI score0.03882EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2023/08/08 5:20 p.m.124 views

CVE-2022-40982

A Gather Data Sampling GDS transient execution side-channel vulnerability was found affecting certain Intel processors. This issue may allow a local attacker using gather instruction load from memory to infer stale data from previously used vector registers on the same physical core. Mitigation T...

6.5CVSS6.6AI score0.03882EPSS
Exploits1References4
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.9 views

Potential Stale Data Due to Inadequate Round Validation

Lines of code Vulnerability details Impact Even tough the dev is checking if the data is stale or not some valid prices could still be considered as invalid because of this line: answeredInRound == roundId, sometimes the answeredInRound might be greater than roundId and would still be valid but i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.6 views

Chainlink's latestRoundData might return stale or incorrect results

Lines of code Vulnerability details Impact Chainlink's latestRoundData is used but there is no check if the return value indicates stale data. This could return stale price data for the underlying asset. Proof of Concept getChainlinkPrice function uses Chainlink's latestRoundData to get the lates...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.9 views

updatedAt TIMESTAMP IS NOT USED TO DETECT STALE ORACLE PRICES

Lines of code Vulnerability details Impact The external Chainlink oracle, which provides index price information to the system, introduces risk inherent to any dependency on third-party data sources. For example, the oracle could fall behind or otherwise fail to be maintained, resulting in outdat...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.13 views

No stale data check on data being read from POR feed

Lines of code Vulnerability details Impact Stale data of exchange rate data being used protocol, resulting in loss in terms of ETHX being minted at stale exchange rate which won't have accounted for new reward Recommended Mitigation Steps Check lastUpdatedAt timestamp and that it is within...

6.9AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:55 p.m.94 views

K04808933: Intel Processors MMIO Stale Data Advisory vulnerabilities CVE-2022-21123, CVE-2022-21125, and CVE-2022-21127

Security Advisory Description CVE-2022-21123 Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2022-21125 Incomplete cleanup of microarchitectural fill buffers on some Intel...

5.5CVSS5.2AI score0.06451EPSS
Exploits0
Code423n4
Code423n4
added 2023/02/21 12:0 a.m.9 views

Price feed in MCAGRateFeed#getRate is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact MCAGRateFeedgetRate may return stale data Proof of Concept , int256 answer,,, = oracle.latestRoundData; Classic C4 issue. getRate only uses answer but never checks the freshness of the data, which can lead to stale bond pricing data. Stale pricing data c...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/19 12:0 a.m.10 views

StabilizerNode.stabilize uses stale GlobalImpliedCollateralService data, which will make stabilize incorrect

Lines of code Vulnerability details Impact In StabilizerNode.stabilize, impliedCollateralService.syncGlobalCollateral is called only at the end of the function to synchronize the GlobalImpliedCollateralService data. if !shouldAdjustSupplyexchangeRate, stabilizeToPeg lastStabilize = block.timestam...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/19 12:0 a.m.11 views

_distributeProfit will use the stale globalIC.swingTraderCollateralDeficit()/swingTraderCollateralRatio(), which will result in incorrect profit distribution

Lines of code Vulnerability details Impact The distributeProfit called by handleProfit will use globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio when distributing profits, and the latest globalIC.swingTraderCollateralDeficit/swingTraderCollateralRatio needs to be used to ensure th...

6.8AI score
Exploits0
Intel
Intel
added 2022/10/19 12:0 a.m.78 views

Intel® Processors MMIO Stale Data Advisory

Summary: Potential security vulnerabilities in Memory Mapped I/O MMIO for some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-21123 Description: Incomplete cleanup of...

5.5CVSS7AI score0.06451EPSS
Exploits0
Code423n4
Code423n4
added 2022/09/01 12:0 a.m.13 views

[NAZ-M1] Chainlink's latestRoundData Might Return Stale Results

Lines of code Vulnerability details Impact Across these contracts, you are using Chainlink's latestRoundData API, but there is only a check on updatedAt. This could lead to stale prices according to the Chainlink documentation: Historical Price data Checking Your returned answers The result of...

6.7AI score
Exploits0
Rows per page
Query Builder