
1422 matches found

OSV
added 2021/05/31 3:39 p.m., 12 views

GSD-2021-1000027 ixgbe: Fix NULL pointer dereference in ethtool loopback test

ixgbe: Fix NULL pointer dereference in ethtool loopback test This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

7.2 AI score
Exploits: 0

OSV
added 2021/05/31 3:39 p.m., 13 views

UVI-2021-1000027 ixgbe: Fix NULL pointer dereference in ethtool loopback test

ixgbe: Fix NULL pointer dereference in ethtool loopback test This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

7.2 AI score
Exploits: 0

GitHub Security Blog
added 2021/05/24 5:00 p.m., 94 views

OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses

Impact fosite400 released as v0.30.2 introduced a new feature for handling redirect URLs pointing to loopback interfaces rfc8252section-7.3. As part of that change new behavior was introduced which failed to respect the redirect URL's only for loopback interfaces! query parameters 1. Registering ...

6.1 CVSS, 0.9 AI score, 0.00255 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2021/05/24 5:00 p.m., 15 views

GHSA-RFQ3-W54C-F9Q5 OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses

Impact fosite400 released as v0.30.2 introduced a new feature for handling redirect URLs pointing to loopback interfaces rfc8252section-7.3. As part of that change new behavior was introduced which failed to respect the redirect URL's only for loopback interfaces! query parameters 1. Registering ...

6.1 CVSS, 5.6 AI score, 0.00255 EPSS
Exploits: 0, References: 5

Oracle Linux
added 2021/05/10 12:00 a.m., 66 views

Unbreakable Enterprise kernel-container security update

4.14.35-2047.503.1.el7 - bpf, x86: Validate computation of branch displacements for x86-64 Piotr Krysiuk Orabug: 32759961 CVE-2021-29154 - uek-rpm: Add Amazon Elastic Network Adapter module to nano rpm. Somasundaram Krishnasamy Orabug: 32781585 - ext4: handle error of ext4setupsystemzone on remou...

7.8 CVSS, 0.00179 EPSS
Exploits: 0

Malwarebytes
added 2021/04/30 10:52 a.m., 33 views

What is an IP address? Do I need one?

An IP address tells computers how to find a certain device within a computer network. An IP address is like an address label for information packets. For each network your computer is connected to, it has a unique IP address on that network. So, one device can have several IP addresses at the sam...

Exploits: 0

OSV
added 2021/04/27 6:15 p.m., 3 views

CVE-2020-22001

HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local loopback IP address value allowing remote control of the smart home solution...

9.8 CVSS, 7.4 AI score, 0.01868 EPSS
Exploits: 2, References: 3

OSV
added 2021/04/22 8:15 p.m., 3 views

CVE-2021-0247

A Race Condition Concurrent Execution using Shared Resource with Improper Synchronization vulnerability in the firewall process dfwd of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is...

5.5 CVSS, 6.2 AI score, 0.00231 EPSS
Exploits: 0, References: 1

Cvelist
added 2021/04/22 7:37 p.m., 15 views

CVE-2021-0247 Junos OS: PTX Series, QFX Series: Due to a race condition input loopback firewall filters applied to interfaces may not operate even when listed in the running configuration.

A Race Condition Concurrent Execution using Shared Resource with Improper Synchronization vulnerability in the firewall process dfwd of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback filter on any interfaces of a device. This issue is...

5.1 CVSS, 5.7 AI score, 0.00231 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/04/14 12:00 a.m., 4 views

Juniper Networks Junos OS race condition vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. Junos OS is vulnerable to a race condition issue, which exists due to a race condition in the firewall process dfwd. A...

6.8 CVSS, 5.9 AI score, 0.00231 EPSS
Exploits: 0, References: 5

CentOS
added 2021/04/10 5:09 p.m., 295 views

bpftool, kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2021:1071 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.8 CVSS, 6.7 AI score, 0.00335 EPSS
Exploits: 3, References: 7

Debian CVE
added 2021/03/26 8:48 p.m., 23 views

CVE-2020-7462

Removed by vendor...

5.5 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0

Microsoft CVE
added 2021/03/26 7:00 a.m., 4 views

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

...

6 CVSS, 7 AI score, 0.00006 EPSS
Exploits: 0

OSV
added 2021/03/18 8:15 p.m., 0 views

DEBIAN-CVE-2021-3416

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU...

6 CVSS, 6.7 AI score, 0.00006 EPSS
Exploits: 0, References: 1

OSV
added 2021/03/18 8:15 p.m., 0 views

UBUNTU-CVE-2021-3416

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU...

6 CVSS, 6.8 AI score, 0.00006 EPSS
Exploits: 0, References: 7

Veracode
added 2021/03/18 12:31 a.m., 35 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service DoS. A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on...

6 CVSS, 2.4 AI score, 0.00006 EPSS
Exploits: 0, References: 10, Affected Software: 4

CNVD
added 2021/03/02 12:00 a.m., 7 views

QEMU stack overflow vulnerability

QEMU is a suite of analog processor software. QEMU has a security vulnerability that can be exploited by an attacker to trigger a denial of service on a host system by triggering a fatal error via NIC loopback mode...

6 CVSS, 6.4 AI score, 0.00006 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/02/26 12:00 a.m., 5 views

QEMU security vulnerability

QEMU is a suite of analog processor software. QEMU has a security vulnerability that can be exploited by an attacker to trigger a denial of service on a host system by triggering a fatal error via NIC loopback mode...

6 CVSS, 6.8 AI score, 0.00006 EPSS
Exploits: 0, References: 25

Positive Technologies
added 2021/02/24 12:00 a.m., 5 views

PT-2021-7378

Name of the Vulnerable Software and Affected Versions QEMU versions up to and including 5.2.0 Description The issue is related to a potential stack overflow via an infinite loop in various NIC emulators of QEMU. This occurs in loopback mode of a NIC where reentrant DMA checks get bypassed, allowi...

6.5 CVSS, 7 AI score, 0.44097 EPSS
Exploits: 3, References: 334

Mageia
added 2021/02/19 10:27 a.m., 30 views

Updated coturn package fixes a security vulnerability

When sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a malicious user would be able to relay packets to the loopback interface. Additionally, when coturn is listening on IPv6, which is default, the loopback interface can also be reached by making use of either ::1 or :: as t...

7.2 CVSS, 2.9 AI score, 0.00267 EPSS
Exploits: 3, References: 2