Lucene search
K

143 matches found

osv
osv
added 2024/09/13 7:15 a.m.12 views

UBUNTU-CVE-2024-46711

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'localaddrused' and 'addaddraccepted' are decremented for addresses not related to the initial subflow ID0, because the source and destination addresses of the initial...

4.7CVSS6.5AI score0.00216EPSS
Exploits0References12
susecve
susecve
added 2024/09/12 2:51 a.m.5 views

SUSE CVE-2024-45010

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...

3.3CVSS6.4AI score0.0022EPSS
Exploits0References14
osv
osv
added 2024/09/11 4:15 p.m.1 views

DEBIAN-CVE-2024-45010

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...

5.5CVSS5.8AI score0.0022EPSS
Exploits0References1
osv
osv
added 2024/09/11 4:15 p.m.6 views

AZL-49182 CVE-2024-45010 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...

5.5CVSS6.4AI score0.0022EPSS
Exploits0References1
osv
osv
added 2024/09/11 4:15 p.m.3 views

UBUNTU-CVE-2024-45010

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARNONONCEmsk-pm.localaddrused == 0 ... before decrementing the localaddrused counter helped to find a bug when running the "remove single address"...

5.5CVSS6.5AI score0.0022EPSS
Exploits0References12
bdu_fstec
bdu_fstec
added 2024/09/06 12:0 a.m.5 views

The vulnerabilities of the `select_local_address()` and `select_signal_address()` functions in the Linux kernel’s mptcp component allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the selectlocaladdress function in the mptcp component of the Linux operating system’s kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

7.8CVSS6.7AI score0.00272EPSS
Exploits0References30Affected Software6
osv
osv
added 2024/09/04 8:15 p.m.10 views

AZL-48657 CVE-2024-44974 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp selectlocaladdress and selectsignaladdress both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the...

7.8CVSS6.3AI score0.00272EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/08/19 12:0 a.m.7 views

PT-2024-31363

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's handling of 'subflow' endpoints in the mptcp module. When a 'signal' endpoint is removed, it triggers the removal of all linked subflows via th...

5.5CVSS5.6AI score0.0022EPSS
Exploits0
cnnvd
cnnvd
added 2024/01/30 12:0 a.m.6 views

CrateDB Security Vulnerability

CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...

9.8CVSS7.4AI score0.00731EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/12/01 12:0 a.m.4 views

PostHog Code Issues Vulnerabilities

PostHog is an all-in-one open source platform from PostHog Open Source. A code issue vulnerability exists in PostHog that stems from not verifying that a URL is local when enabling Webhook, allowing authenticated users to spoof POST requests...

4.8CVSS6.6AI score0.00381EPSS
Exploits0References2
nvd
nvd
added 2023/09/20 1:15 a.m.22 views

CVE-2023-25525

NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure...

7.5CVSS7.2AI score0.00458EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/09/20 12:0 a.m.5 views

Croc Security Breach

croc is a tool from the individual developers at Zack that allows any two computers to simply and securely transfer files and folders. A security vulnerability exists in Croc version 9.6.5 and earlier versions, which stems from a protocol that requires the sender to provide its local IP address...

5.3CVSS6.3AI score0.004EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2023/09/07 12:0 a.m.7 views

PT-2023-20137 · Nvidia · Nvidia Cumulus Linux

Name of the Vulnerable Software and Affected Versions: NVIDIA Cumulus Linux affected versions not specified Description: The issue concerns the forwarding of VxLAN-encapsulated IPv6 packets in NVIDIA Cumulus Linux. When such a packet is received on an SVI interface with its DMAC/DIPv6 set to the...

7.5CVSS7.2AI score0.00458EPSS
Exploits0References10
rocky
rocky
added 2023/07/08 2:53 a.m.13 views

NetworkManager bug fix update

An update is available for NetworkManager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list NetworkManager is a system network service that manages network device...

6.8AI score
Exploits0
cnnvd
cnnvd
added 2023/06/28 12:0 a.m.4 views

Emby Server 安全漏洞

Emby Server is a personal media server software that supports storing, managing, and streaming personal media content with support for multiple device access. Emby Server suffers from a security vulnerability that originated from allowing an attacker to perform a login bypass attack by setting th...

9.8CVSS6.5AI score0.01497EPSS
Exploits1References4
cnnvd
cnnvd
added 2023/06/20 12:0 a.m.5 views

Open-Xchange OX App Suite 代码问题漏洞

Open-Xchange OX App Suite is an e-mail and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite that stems from an IPv4-mapped IPv6 address not being recognized by code as a local address, which can be exploited by an attacker ...

5CVSS5.2AI score0.0084EPSS
Exploits0References7
susecve
susecve
added 2023/02/15 5:10 a.m.4 views

SUSE CVE-2015-8914

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address...

9.1CVSS6.9AI score0.04248EPSS
Exploits1References5
susecve
susecve
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-5163

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddress, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this...

7.5CVSS6.5AI score0.02289EPSS
Exploits1References5
nvd
nvd
added 2023/01/27 10:15 p.m.26 views

CVE-2022-4201

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

5.3CVSS4.5AI score0.00546EPSS
Exploits1References2
osv
osv
added 2023/01/27 10:15 p.m.4 views

UBUNTU-CVE-2022-4201

A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner...

5.3CVSS5.8AI score0.00546EPSS
Exploits1References2
Rows per page
Query Builder