pcapplusplus:FuzzTarget: Use-of-uninitialized-value in pcpp::NullLoopbackLayer::getFamily

Project: https://github.com/seladb/PcapPlusPlus.git Detailed Report: https://oss-fuzz.com/testcase?key=5717750942269440 Project: pcapplusplus Fuzzing Engine: libFuzzer Fuzz Target: FuzzTarget Job Type: libfuzzermsanpcapplusplus Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...

Junos OS Firewall Filters Failure Vulnerability (JSA10942)

The version of Junos OS installed on the remote host is EX3400 Series running Junos OS prior to 14.1X53-D115, 17.1R3, 17.2R3-S2, 17.3R3-S3, 17.4R2-S5, 18.1R3-S1, 18.2R2, or 18.3R2. It is, therefore, affected by a vulnerability. When a firewall filter is applied on the loopback interface, other...

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit

Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND / EBBSHAVE RPC Buffe...

CVE-2018-5344

A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...

DEBIAN-CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

UBUNTU-CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

CVE-2019-18379

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery SSRF exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

Server side request forgery (ssrf)

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery SSRF exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

PT-2019-4661 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.2 Description: The issue is related to the io uring feature in the Linux kernel, which can lead to requests being executed with UID 0 and full capabilities, even when initiated by an unprivileged user. This...

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

Unbreakable Enterprise kernel security update

2.6.39-400.315.1 - loopback: off by one in tcmloopmakenaatpg Dan Carpenter Orabug: 30254296 CVE-2011-5327 - floppy: fix out-of-bounds read in copybuffer Denis Efremov Orabug: 30318221 CVE-2019-14283...

CVE-2011-5327

A flaw was found in the Linux kernel’s implementation of SCSI loopback emulation, where an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in memory corruption. A local attacker could abuse this flaw by corrupting memory on a system where this...

Linux kernel denial of service vulnerability (CNVD-2019-25445)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'tcmloopmakenaatpg' function in the drivers/target/loopback/tcmloop.c file in versions of Linux kernel prior to 3.1. An attacker...

UBUNTU-CVE-2011-5327

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption...

Memory corruption

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption...

PT-2019-6717 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.1 Description: The issue is related to an off-by-one error in the tcm loop make naa tpg function, located in the drivers/target/loopback/tcm loop.c file. This error could result in at least memory corruption...

CVE-2019-0048

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall...

CVE-2019-0048 EX4300 Series: When a firewall filter is applied to a loopback interface, other firewall filters for multicast traffic may fail

On EX4300 Series switches with TCAM optimization enabled, incoming multicast traffic matches an implicit loopback filter rule first, since it has high priority. This rule is meant for reserved multicast addresses 224.0.0.x, but incorrectly matches on 224.x.x.x. Due to this bug, when a firewall...

GHSA-M734-R4G6-34F9 NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the special $where...