143 matches found
UBUNTU-CVE-2024-46711
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'localaddrused' and 'addaddraccepted' are decremented for addresses not related to the initial subflow ID0, because the source and destination addresses of the initial...
SUSE CVE-2024-45010
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...
DEBIAN-CVE-2024-45010
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...
AZL-49182 CVE-2024-45010 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...
UBUNTU-CVE-2024-45010
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...
The vulnerabilities of the `select_local_address()` and `select_signal_address()` functions in the Linux kernel’s mptcp component allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the selectlocaladdress function in the mptcp component of the Linux operating system’s kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
AZL-48657 CVE-2024-44974 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp selectlocaladdress and selectsignaladdress both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the...
PT-2024-31363
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's handling of 'subflow' endpoints in the mptcp module. When a 'signal' endpoint is removed, it triggers the removal of all linked subflows via th...
CrateDB Security Vulnerability
CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...
PostHog Code Issues Vulnerabilities
PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from not verifying that a URL is local when enabling Webhook, allowing authenticated users to spoof POST requests...
CVE-2023-25525
NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure...
Croc Security Breach
croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc version 9.6.5 and earlier versions, which stems from a protocol that requires the sender to provide its local IP address...
PT-2023-20137 · Nvidia · Nvidia Cumulus Linux
Name of the Vulnerable Software and Affected Versions: NVIDIA Cumulus Linux affected versions not specified Description: The issue concerns the forwarding of VxLAN-encapsulated IPv6 packets in NVIDIA Cumulus Linux. When such a packet is received on an SVI interface with its DMAC/DIPv6 set to the...
NetworkManager bug fix update
An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list NetworkManager is a system network service that manages network device...
Emby Server 安全漏洞
Emby Server is a personal media server software that supports storing, managing, and streaming personal media content with support for multiple device access. Emby Server suffers from a security vulnerability that originated from allowing an attacker to perform a login bypass attack by setting th...
Open-Xchange OX App Suite 代码问题漏洞
Open-Xchange OX App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite that stems from an IPv4-mapped IPv6 address not being recognized by code as a local address, which can be exploited by an attacker ...
SUSE CVE-2015-8914
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...
SUSE CVE-2019-5163
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...
CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...
UBUNTU-CVE-2022-4201
A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...