CVE-2023-5366

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.

Related Vulnerabilities

CVE-2019-10157

MEDIUM
CVSS:5.5(Medium)

It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout . An attacker with local access could use thi...

CWE-3452019

CVE-2020-14122

MEDIUM
CVSS:5.5(Medium)

Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage.

CWE-3452020

CVE-2020-23906

MEDIUM
CVSS:5.5(Medium)

FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.

CWE-3452020

CVE-2020-9885

MEDIUM
CVSS:5.5(Medium)

An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchO...

CWE-3452020

CVE-2021-22419

MEDIUM
CVSS:5.5(Medium)

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos.

CWE-3452021

CVE-2021-22460

MEDIUM
CVSS:5.5(Medium)

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.

CWE-3452021