"value": "Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact.\n\nThe functions `addr2cidr` and `cidrlookup` may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker may be able to leverage this to bypass access controls based on IP addresses.\n\nThe documentation advises validating untrusted CIDR strings with the `cidrvalidate` function. However, this mitigation is optional and not enforced by default. In practice, users may call `addr2cidr` or `cidrlookup` with untrusted input and without validation, incorrectly assuming that this is safe."
12
+
},
13
+
{
14
+
"lang": "es",
15
+
"value": "Las versiones de Net::CIDR anteriores a la 0.24 para Perl manejan incorrectamente los ceros iniciales en las direcciones IP CIDR, lo que puede tener un impacto no especificado.\n\nLas funciones `addr2cidr` y `cidrlookup` pueden devolver ceros iniciales en una cadena CIDR, que a su vez pueden ser interpretados como n\u00fameros octales por usuarios posteriores. En algunos casos, un atacante podr\u00eda aprovechar esto para eludir los controles de acceso basados en direcciones IP.\n\nLa documentaci\u00f3n aconseja validar cadenas CIDR no confiables con la funci\u00f3n `cidrvalidate`. Sin embargo, esta mitigaci\u00f3n es opcional y no se aplica por defecto. En la pr\u00e1ctica, los usuarios pueden llamar a `addr2cidr` o `cidrlookup` con entrada no confiable y sin validaci\u00f3n, asumiendo incorrectamente que esto es seguro."
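Review bot: In the added "es" value, "usuarios posteriores" renders "subsequent users" literally and reads as human users, while the sentence is about whatever later parses the CIDR string returned by `addr2cidr` or `cidrlookup`. Wording such as "código que procese después esa cadena" would carry the octal-parsing risk more clearly, since that later parsing step is where the access-control bypass described in the "en" text arises.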
CVE-2023/CVE-2023-313xx/CVE-2023-31364.json
+6 -2 (6 additions & 2 deletions)
@@ -2,13 +2,17 @@
2
2
"id": "CVE-2023-31364",
3
3
"sourceIdentifier": "psirt@amd.com",
4
4
"published": "2026-02-26T21:28:47.037",
5
-
"lastModified": "2026-02-26T21:28:47.037",
6
-
"vulnStatus": "Received",
5
+
"lastModified": "2026-02-27T14:06:37.987",
6
+
"vulnStatus": "Awaiting Analysis",
7
7
"cveTags": [],
8
8
"descriptions": [
9
9
{
10
10
"lang": "en",
11
11
"value": "Improper handling of direct memory writes in the input-output memory management unit could allow a malicious guest virtual machine (VM) to flood a host with writes, potentially causing a fatal machine check error resulting in denial of service."
12
+
},
13
+
{
14
+
"lang": "es",
15
+
"value": "El manejo inadecuado de las escrituras directas en memoria en la unidad de gesti\u00f3n de memoria de entrada/salida podr\u00eda permitir que una m\u00e1quina virtual (VM) invitada maliciosa inunde un anfitri\u00f3n con escrituras, causando potencialmente un error fatal de comprobaci\u00f3n de m\u00e1quina que resultar\u00eda en denegaci\u00f3n de servicio."
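Review bot: In the added "es" description (new line 15), "error fatal de comprobación de máquina" translates the hardware term "machine check error" word for word, which makes it hard to match against the wording of the "en" value on line 11. Consider keeping the English term in parentheses after the translation, for example "error fatal de comprobación de máquina (machine check error)", so both descriptions can be searched by the same term.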
"value": "A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affects EduAsist: through 27022026.\n\nNOTE: The vendor was contacted early about this disclosure but did not respond in any way."