1425 matches found
CVE-2021-46916
CVE-2021-46916 affects the ixgbe driver in the Linux kernel, where a NULL pointer dereference can occur during the ethtool loopback test due to a missing q_vector for the test ring. The fix adds a check for a q_vector and, if absent, returns a napi_id value of 0. This resolves a potential crash/D...
CVE-2021-46916 ixgbe: Fix NULL pointer dereference in ethtool loopback test
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test. The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated...
PT-2024-2976 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to a NULL pointer dereference in the ethtool loopback test of the ixgbe driver. This occurs because there isn't a q_vector associated with the test ring when it is...
Linux kernel security vulnerabilities
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the ethtool loopback test...
DSR mode- Permanently High packet CPU Usage (100%) is seen in the Primary
Packet CPU usage remains consistently at 100% High Loopback traffic is observed on the node...
CVE-2023-38562
A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...
Double free
A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets t...
Weston Embedded uC-TCP-IP Resource Management Error Vulnerability
Weston Embedded uC-TCP-IP is a TCP/IP stack for embedded systems from Weston Embedded. A resource management error vulnerability exists in Weston Embedded uC-TCP-IP version v3.06.01, which stems from a double release vulnerability in the IP header loopback parsing function...
Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability
Talos Vulnerability Report TALOS-2023-1829 Weston Embedded uC-TCP-IP IP header loopback parsing double-free vulnerability February 20, 2024 CVE Number CVE-2023-38562 SUMMARY A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A...
PT-2024-12738 · Unknown · Weston Embedded Uc-Tcp-Ip
Name of the Vulnerable Software and Affected Versions: Weston Embedded uC-TCP-IP version 3.06.01 Description: A double-free vulnerability exists in the IP header loopback parsing functionality. This can be triggered by a specially crafted set of network packets, leading to memory corruption and...
CVE-2023-22817
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
Server side request forgery (ssrf)
Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
PT-2024-1674 · Western Digital · My Cloud Home Duo +3
Name of the Vulnerable Software and Affected Versions: My Cloud OS versions prior to 5.27.161; My Cloud Home version prior to 9.5.1-104; My Cloud Home Duo version prior to 9.5.1-104; SanDisk ibi version prior to 9.5.1-104. Description: The issue is related to a server-side request forgery (SSRF)...
My Cloud Multiple Products Code Issue Vulnerability
Western Digital My Cloud and others are products of Western Digital, Inc. Western Digital My Cloud is a personal cloud storage device. Western Digital My Cloud Home is an easy-to-use personal cloud storage device. Western Digital My Cloud Home Duo is an easy-to-use personal cloud storage...
Confluence's create-content operation takes up to 20 minutes to completely render the Create dialog
h3. Issue Summary Confluence's create-content operation clicking the "..." button next to the Create button at the top left results in a create-dialog window that can take up to 20 minutes to fully render. This is reproducible on Data Center: yes h3. Steps to Reproduce On an affected version of...
CVE-2023-5332
A command injection flaw was found in HashiCorp's Consul script check configuration option. If the API is enabled and exposed through a public interface, it is possible to achieve remote code execution. Mitigation: To mitigate this issue, the '-enable-script-checks' option must be removed to disab...
Improper input validation leads to arbitrary file deletion
Description The /process endpoint of the python API in collector/api.py exposes an endpoint waiting for a POST request with a parameter named filename : py @api.route"/process", methods="POST" def processfile: content = request.json targetfilename = content.get"filename" printf"Processing...