Webmin和Virtualmin 安全漏洞

Webmin is a set of Web-based system administration tools for use in Unix-like operating systems from the Webmin community.Virtualmin is a powerful and flexible Web hosting control panel for Linux and BSD systems from Virtualmin, Inc. A security vulnerability exists in Webmin versions prior to 2.2...

kernel: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port()

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

The vulnerability of the handle_ipDefaultTTL() function in the software suite of the Linux operating system allows a intruder to trigger a service failure.

The vulnerability of the handleipDefaultTTL function in the Net-SNMP software suite for the Linux operating system is related to a NULL Pointer Exception error that can be exploited by an attacker through a specially created UDP packet. Exploiting this vulnerability could allow a remote attacker ...

The vulnerability of the SLP UDP server slpd-lite in the OpenBMC operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the SLP UDP server slpd-lite in the OpenBMC operating system is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to compromise privacy, integrity, and accessibility by sending a specially...

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

This is a rather flaky poc for CVE-2024-38063https://msrc.m...

AZL-47835 CVE-2024-42284 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error tipcudpaddr2str should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipcmediaaddrprintf. Fix this by returni...

In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.

...

DEBIAN-CVE-2024-41041

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

UBUNTU-CVE-2024-41041

In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCKRCUFREE earlier in udplibgetport. syzkaller triggered the warning 0 in udpv4earlydemux. In udpv46earlydemux and sklookup, we do not touch the refcount of the looked-up sk and use sockpfree as skb-destructor, so we...

SUSE CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

DEBIAN-CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

UBUNTU-CVE-2024-40992

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently droppe...

OESA-2024-1792 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some...

dnspython: denial of service in stub resolver

The dnspython stub resolver is vulnerable to a denial of service DoS risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...

CVE-2024-38903

H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands...

SUSE CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

DEBIAN-CVE-2021-47597

In the Linux kernel, the following vulnerability has been resolved: inetdiag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak 1, that can exploited by unpriv users. After analysis it turned out UDP was not initializing r-idiagexpires. Other users of inetskdiagfill might make...

AZL-42615 CVE-2024-36971 affecting package kernel for versions less than 6.6.35.1-4

In the Linux kernel, the following vulnerability has been resolved: net: fix dstnegativeadvice race dstnegativeadvice does not enforce proper RCU rules when sk-dstcache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk-skdstcache, then call dstreleaseolddst. Note...

The vulnerability of the tipc_udp_nl_dump_remoteip() function in the implementation of the TIPC protocol allows a attacker to gain access to protected data or cause a service failure.

The vulnerability of the tipcudpnldumpremoteip function in the net/tipc/udpmedia.c module of the TIPC Transparent Inter-Process Communication protocol implementation in the Linux operating system is related to incorrect validation of the received data. Exploiting this vulnerability may allow an...

The vulnerability of the rds_recv_track_latency() function in the net/rds/af_rds.c module of the Linux operating system’s RDS (Reliable Datagram Sockets) kernel implementation allows a attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the rdsrecvtracklatency function in the net/rds/afrds.c module of the Linux operating system’s RDS Reliable Datagram Sockets implementation is related to reading memory beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to...