773 matches found
SUSE CVE-2021-3416
A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU...
SUSE CVE-2021-3448
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...
SUSE CVE-2021-20206
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the syste...
The vulnerability of the Linux operating system’s kernel network interface layer allows a hacker to bypass the network interface layer.
The vulnerability of the Linux operating system’s kernel network firewall is related to improper handling and processing of messages. Exploiting this vulnerability can allow an attacker to bypass network firewall restrictions...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2023-012 (ALASKERNEL-5.15-2023-012)
The version of kernel installed on the remote host is prior to 5.15.86-53.137. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2023-012 advisory. A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request...
Important: kernel
Issue Overview: A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fibsemantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is...
PT-2023-14296 · Sinilink · Sinilink Xy-Wft1 Wifi Remote Thermostat
Name of the Vulnerable Software and Affected Versions: Sinilink XY-WFT1 WiFi Remote Thermostat version 1.3.6 Description: The issue allows an attacker to bypass the intended requirement to communicate using MQTT, enabling them to replay Sinilink aka SINILINK521 protocol commands via udp/1024 to...
Enumerate the Network Interface configuration via SSH
Nessus was able to parse the Network Interface data on the remote host. %NASLMINLEVEL 80900 C Tenble, Inc. include"compat.inc"; if description scriptid170170; scriptversion"1.3"; scriptsetattributeattribute:"pluginmodificationdate", value:"2025/02/11"; scriptnameenglish:"Enumerate the Network...
The vulnerability of the User Portal component of the SFOS operating system’s network interface layer, specifically the Sophos Firewall (previously called Sophos XG Firewall), allows a intruder to gain unauthorized access to protected information.
The vulnerability of the User Portal component of the SFOS operating system’s Sophos Firewall formerly Sophos XG Firewall is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...
The vulnerability of the SFOS operating system’s network interface, which is part of the Sophos Firewall (formerly known as Sophos XG Firewall), allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SFOS operating system’s network interface, which is part of the Sophos Firewall formerly known as Sophos XG Firewall, relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain...
AZL-41469 CVE-2021-38561 affecting package cni for versions less than 1.1.2-2
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack...
DEBIAN-CVE-2022-3643
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...
UBUNTU-CVE-2022-3643
Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...
kernel: ibmvnic: free reset-work-item when flushing
A memory leak flaw was found in the Linux kernel’s IBM Virtual Network Interface Controller ibmvnic driver. This issue involved not properly freeing memory associated with a reset work item when the reset work queue is flushed, causing the reset-work-item not to be deallocated. This flaw allows a...
CVE-2022-38380
An improper access control CWE-284 vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API...
PT-2022-6166 · Cisco +6 · Cisco +6
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: The issue is related to the Linux network backend, specifically the netback driver, where a guest can trigger a NIC interface reset, abort, or crash by sending certain kinds of packets. This ...
Informational: PAN-OS: Impact of the NVIDIA Dataplane Development Kit (DPDK) Vulnerability CVE-2022-28199
The Palo Alto Networks Product Security Assurance team evaluated the NVIDIA Dataplane Development Kit DPDK vulnerability CVE-2022-28199 as it relates to our products. This vulnerability causes networking stacks that use the NVIDIA distribution of the DPDK to enter an unrecoverable state when...
The vulnerability of the FortiOS network interface controller software in FortiGate, related to access control deficiencies, allows attackers to disclose sensitive information.
The vulnerability of the FortiOS network interface controller software in FortiGate systems is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards NICs. The approach, codenamed ETHERLED, comes from Dr...
Security Bulletin: This Power System update is being released to address CVE-2019-16649 and CVE-2019-16650
Summary POWER8 and POWER9: In response to security issues with virtual media, new Power System firmware updates are being released to address Common Vulnerabilities and Exposures issue numbers CVE-2019-16649 and CVE-2019-16650. Vulnerability Details CVEID:CVE-2019-16649 DESCRIPTION: Multiple...