CVE-2023-5088

HIGH Year: 2023
CVSS v3 Score
7.0
High
Weakness Type
CWE-821
View all →

Vulnerability Description

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.

Related Vulnerabilities

CVE-2024-1739

HIGH
CVSS:7.5(High)

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insen...

CWE-8212024

CVE-2024-1902

HIGH
CVSS:7.5(High)

lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to c...

CWE-8212024

CVE-2024-6657

MEDIUM
CVSS:6.5(Medium)

A denial of service may be caused to a single peripheral device in a BLE network when multiple central devices continuously connect and disconnect to the peripheral. A hard reset is required to recove...

CWE-8212024

CVE-2024-7043

HIGH
CVSS:8.1(High)

An improper access control vulnerability in open-webui/open-webui v0.3.8 allows attackers to view and delete any files. The application does not verify whether the attacker is an administrator, allowi...

CWE-8212024

CVE-2024-5755

MEDIUM
CVSS:5.3(Medium)

In lunary-ai/lunary versions <=v1.2.11, an attacker can bypass email validation by using a dot character ('.') in the email address. This allows the creation of multiple accounts with essentially the ...

CWE-8212024

CVE-2022-1931

CRITICAL
CVSS:9.1(Critical)

Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.

CWE-8212022