1425 matches found

OSV
added 2024/06/05 4:15 p.m. · 0 views

UBUNTU-CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

CVSS 9.8 · AI score 6.9 · EPSS 0.00172
Exploits: 0 · References: 12
ATTACKERKB
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-42122

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVSS 7.8 · AI score 6.2 · EPSS 0.00169
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2024/05/03 2:13 a.m. · 54 views

CVE-2023-42122

CVE-2023-42122 affects Control Web Panel via the cwpsrv process. The flaw: improper validation of a user-supplied string before using it in a system call, with cwpsrv listening on the loopback interface. This enables a local attacker who can run low-privileged code to escalate to root and execute...

CVSS 7.8 · AI score 8 · EPSS 0.00169
Exploits: 0 · References: 1 · Affected Software: 1
SUSE CVE
added 2024/04/15 11:12 p.m. · 5 views

SUSE CVE-2024-26814

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself...

CVSS 4.4 · AI score 6.2 · EPSS 0.00021
Exploits: 0 · References: 15
OSV
added 2024/04/12 3:15 p.m. · 2 views

CVE-2024-30410

An Incorrect Behavior Order in the routing engine RE of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback lo0 interface. The intended function is that the lo0 firewall filter takes...

CVSS 6.9 · AI score 5.8 · EPSS 0.00257
Exploits: 0 · References: 2
Cvelist
added 2024/04/12 3:2 p.m. · 17 views

CVE-2024-30410 Junos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term.

An Incorrect Behavior Order in the routing engine RE of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback lo0 interface. The intended function is that the lo0 firewall filter takes...

CVSS 6.9 · AI score 5.9 · EPSS 0.00257
Exploits: 0 · References: 2
Vulnrichment
added 2024/04/12 3:2 p.m. · 10 views

CVE-2024-30410 Junos OS: EX4300 Series: Loopback filter not blocking traffic despite having discard term.

An Incorrect Behavior Order in the routing engine RE of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback lo0 interface. The intended function is that the lo0 firewall filter takes...

CVSS 6.9 · AI score 6.9 · EPSS 0.00257
Exploits: 0 · References: 2
CNNVD
added 2024/04/12 12:0 a.m. · 1 views

Juniper Networks Junos OS Security Vulnerability

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS versions prior to 20.4R3-S10, prio...

CVSS 6.9 · AI score 6.6 · EPSS 0.00257
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/10 12:0 a.m. · 3 views

PT-2024-2940 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S10 Juniper Networks Junos OS versions from 21.2 before 21.2R3-S7 Juniper Networks Junos OS versions from 21.4 before 21.4R3-S6 Description: The issue is related to an incorrect behavior orde...

CVSS 6.9 · AI score 7.1 · EPSS 0.00257
Exploits: 0 · References: 5
OSV
added 2024/04/05 9:15 a.m. · 7 views

DEBIAN-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

CVSS 5.5 · AI score 5.3 · EPSS 0.0002
Exploits: 0 · References: 1
OSV
added 2024/04/05 9:15 a.m. · 5 views

UBUNTU-CVE-2024-26813

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

CVSS 5.5 · AI score 6 · EPSS 0.0002
Exploits: 0 · References: 25
OSV
added 2024/04/05 9:15 a.m. · 0 views

UBUNTU-CVE-2024-26814

In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The interrupt handler itself...

CVSS 5.5 · AI score 6 · EPSS 0.00021
Exploits: 0 · References: 20
OSV
added 2024/04/05 8:24 a.m. · 2 views

CVE-2024-26813 vfio/platform: Create persistent IRQ handlers

In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer...

CVSS 5.5 · AI score 5.7 · EPSS 0.0002
Exploits: 0 · References: 12
Debian CVE
added 2024/03/20 8:27 p.m. · 24 views

CVE-2024-29018

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

CVSS 7.5 · AI score 6 · EPSS 0.00357
Exploits: 0
Github Security Blog
added 2024/03/20 5:59 p.m. · 70 views

Moby's external DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...

CVSS 7.5 · AI score 6.6 · EPSS 0.00357
Exploits: 0 · References: 3 · Affected Software: 1
RedhatCVE
added 2024/03/18 2:23 p.m. · 20 views

CVE-2024-26640

A vulnerability was found in Linux Kernel where rx zerocopy feature allowed mapping of pages owned by the filesystem, leading to potential system panic which is caused by the lack of sanity checks to rx zerocopy. A local authenticated attacker could exploit this vulnerability to cause a denial of...

CVSS 5.5 · AI score 7.1 · EPSS 0.00012
Exploits: 0 · References: 4
CVE
added 2024/03/18 10:19 a.m. · 186 views

CVE-2024-26640

The CVE-2024-26640 entry is about a Linux kernel TCP RX zerocopy patch that adds sanity checks in can_map_frag(): pages must not be compound and page->mapping must be NULL. Connected docs confirm this as a concrete kernel fix (patches and CVSS details). Impact is described as a local denial of...

CVSS 5.5 · AI score 6.1 · EPSS 0.00012
Exploits: 0 · References: 7 · Affected Software: 1
OSV
added 2024/03/15 7:15 p.m. · 1 views

CVE-2023-7060

Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 or the destination address...

CVSS 7.5 · AI score 5.5 · EPSS 0.00209
Exploits: 1 · References: 1
Positive Technologies
added 2024/03/15 12:0 a.m. · 4 views

PT-2024-15189 · Zephyr Os · Zephyr Os

Name of the Vulnerable Software and Affected Versions: Zephyr OS affected versions not specified Description: The issue concerns the handling of IP packets in Zephyr OS. Specifically, it does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 o...

CVSS 8.6 · AI score 7 · EPSS 0.00209
Exploits: 1 · References: 10
CNNVD
added 2024/03/15 12:0 a.m. · 1 views

Zephyr Security Breach

Zephyr is an extensible real-time operating system (RTOS) open-sourced by the Zephyr Project. A security vulnerability exists in Zephyr that stems from the inability to properly drop IP packets arriving at an external interface with source address 127.0.0.1 or destination address...

CVSS 8.6 · AI score 6.8 · EPSS 0.00209
Exploits: 1 · References: 2