DEBIAN-CVE-2024-50264

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

AZL-53507 CVE-2024-50264 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

AZL-53672 CVE-2024-50264 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans During loopback communication, a dangling pointer can be created in vsk-trans, potentially leading to a Use-After-Free condition. This issue is resolved ...

UBUNTU-CVE-2024-50272

In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemapread If the caller supplies an iocb-kipos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemapread enters an...

The vulnerability of the axg_card_add_tdm_loopback() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the axgcardaddtdmloopback function in the sound/soc/meson/axg-card.c file of the Linux operating system’s kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

GHSA-W8GR-XWP4-R9F7 Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

Local Host Access Bypass

Directus is vulnerable to a Local Host Access Bypass. The vulnerability is due to improper filtering of loopback addresses, where only 127.0.0.1 is blocked, but other 127.X.X.X addresses can bypass restrictions, allowing an attacker to gain unauthorized access to local services...

Keycloak: Vulnerable Redirect URI Validation Results in Open Redirec

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

CVE-2024-8883

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

GHSA-68G8-C275-XF2M Directus vulnerable to SSRF Loopback IP filter bypass

Impact If you're relying on blocking access to localhost using the default 0.0.0.0 filter this can be bypassed using other registered loopback devices like 127.0.0.2 - 127.127.127.127 Workaround You can block this bypass by manually adding the 127.0.0.0/8 CIDR range which will block access to any...

Directus vulnerable to SSRF Loopback IP filter bypass

Impact If you're relying on blocking access to localhost using the default 0.0.0.0 filter this can be bypassed using other registered loopback devices like 127.0.0.2 - 127.127.127.127 Workaround You can block this bypass by manually adding the 127.0.0.0/8 CIDR range which will block access to any...

CVE-2024-46990

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

CVE-2024-46990 SSRF Loopback IP filter bypass in directus

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

CVE-2024-46990 SSRF Loopback IP filter bypass in directus

Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default 0.0.0.0 filter a user may bypass this block by using other registered loopback devices like 127.0.0.2 - 127.127.127.127. This issue has been addressed in...

Directus 访问控制错误漏洞

Directus is a real-time Api and application dashboard from Directus Open Source. It is used to manage Sql database content. An Access Control Error vulnerability exists in Directus versions prior to 10.13.2, which stems from the fact that when relying on the use of a default filter to block acces...

PT-2024-34100

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when the caller supplies an iocb-ki pos value close to the filesystem upper limit, and an iterator with a count that causes an overflow of that limit, resulting in...

Dahua IP Camera Authentication Bypass Vulnerability

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication...

VulnCheck KEV: CVE-2021-33045

Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication...

OESA-2024-1770 golang security update

The Go Programming Language. Security Fixes: The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.CVE-2024-24790...

AZL-42386 CVE-2024-24790 affecting package msft-golang for versions less than 1.21.6-1

The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...