Lucene search
K

215 matches found

RedHat Linux
RedHat Linux
added 2024/11/05 12:54 a.m.3 views

kernel: gso: do not skip outer ip header in case of ipip and net_failover

In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and netfailover We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtionet nic with netfailover enabled. VM acts as a IPVS LB with ipip...

6.8AI score
Exploits0References5
Debian CVE
Debian CVE
added 2024/08/22 3:31 a.m.24 views

CVE-2022-48936

Removed by vendor...

5.8AI score
Exploits0
NVD
NVD
added 2024/08/07 4:15 p.m.13 views

CVE-2024-41432

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can...

5.3CVSS0.00376EPSS
Exploits1References1
OSV
OSV
added 2024/03/06 11:3 a.m.12 views

BIT-MATTERMOST-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

5.6CVSS5.3AI score0.00586EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:56 a.m.33 views

BIT-MOD_WSGI-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS7AI score0.0069EPSS
Exploits1References5
Rosalinux
Rosalinux
added 2024/02/27 9:22 a.m.55 views

Advisory ROSA-SA-2024-2363

Software: modwsgi 4.6.4 OS: ROSA Virtualization 2.1 packageevrstring: modwsgi-4.6.4-4.rv3.1c CVE-ID: CVE-2022-2255 BDU-ID: 2022-05209 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the modwsgi module of the Apache web server is related to errors in the processing of the X-Client-IP header...

7.5CVSS6.9AI score0.0069EPSS
Exploits1
NVD
NVD
added 2024/02/20 3:15 p.m.36 views

CVE-2023-38562

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...

9.1CVSS8.8AI score0.01081EPSS
Exploits1References2
OSV
OSV
added 2024/02/20 3:15 p.m.7 views

CVE-2023-38562

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...

9.1CVSS5.9AI score0.01081EPSS
Exploits1References2
Prion
Prion
added 2024/02/20 3:15 p.m.27 views

Double free

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...

4CVSS7.6AI score0.01081EPSS
Exploits1References1
CVE
CVE
added 2024/02/20 2:45 p.m.77 views

CVE-2023-38562

Weston Embedded uC-TCP-IP v3.06.01 contains a double-free vulnerability in the IP header loopback parsing functionality. A specially crafted sequence of unauthenticated network packets can trigger memory corruption, potentially enabling code execution. Talos confirms CVE-2023-38562, identifies v3...

9.1CVSS8.7AI score0.01081EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/20 2:45 p.m.17 views

CVE-2023-38562

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...

8.7CVSS7.3AI score0.01081EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/20 2:45 p.m.39 views

CVE-2023-38562

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...

8.7CVSS8.9AI score0.01081EPSS
Exploits1References1
Talos
Talos
added 2024/02/20 12:0 a.m.33 views

Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability

Talos Vulnerability Report TALOS-2023-1829 Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability February 20, 2024 CVE Number CVE-2023-38562 SUMMARY A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A...

9.1CVSS8.8AI score0.01081EPSS
Exploits1
Prion
Prion
added 2024/02/15 6:15 a.m.28 views

Design/Logic Flaw

ping reads raw IP packets from the network to process responses in the prpack function. As part of processing a response ping has to reconstruct the IP header, the ICMP header and if present a "quoted packet," which represents the packet that generated an ICMP error. The quoted packet again has a...

8.1AI score0.02398EPSS
Exploits0References1
OSV
OSV
added 2024/01/30 1:15 a.m.3 views

PYSEC-2024-27

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

9.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/01/30 12:0 a.m.5 views

CrateDB Security Vulnerability

CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...

9.8CVSS7.4AI score0.00731EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/30 12:0 a.m.6 views

CVE-2023-51982

CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...

7.5AI score0.00731EPSS
Exploits1References1
Prion
Prion
added 2023/11/28 4:15 p.m.19 views

Design/Logic Flaw

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpfxdpadjusthead call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

5CVSS7AI score0.00622EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/11/28 3:45 p.m.43 views

CVE-2023-49062

Summary: CVE-2023-49062 affects Meta Katran. After a bpf_xdp_adjust_head call, Katran could write uninitialized kernel memory into the IPv4 Identification field during IPv4 encapsulation (and ICMPv4 Too Big packet generation), exposing kernel memory content. This occurs in all Katran versions pri...

7.5CVSS7.3AI score0.00622EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/28 3:45 p.m.29 views

CVE-2023-49062

Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP v4 Too Big packet generation. After a bpfxdpadjusthead call, Katran code didn’t initialize the Identification field for the IPv4 header, resulting in writing content ...

7.5CVSS6.8AI score0.00622EPSS
Exploits0References4
Rows per page
Query Builder