640 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-26861
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receivingcounter.counter Syzkaller with KCSAN...
SUSE CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
DEBIAN-CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
UBUNTU-CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
CVE-2022-49153 wireguard: socket: free skb in send6 when ipv6 is disabled
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
CVE-2022-49153
CVE-2022-49153 affects the Linux kernel via the wireguard path: when sending to a peer, skb memory is not freed if IPv6 is disabled, causing a memory leak. The root cause is missing kfree_skb() in the send6() handling within wg_socket_send_buffer_to_peer/..send_buffer_to_peer() and related code p...
CVE-2022-49153 wireguard: socket: free skb in send6 when ipv6 is disabled
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
CVE-2022-49153 wireguard: socket: free skb in send6 when ipv6 is disabled
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
CVE-2022-49153
In the Linux kernel, the following vulnerability has been resolved: wireguard: socket: free skb in send6 when ipv6 is disabled I got a memory leak report: unreferenced object 0xffff8881191fc040 size 232: comm "kworker/u17:0", pid 23193, jiffies 4295238848 age 3464.870s hex dump first 32 bytes: 00...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: go-licenses, kine, kustomize, docker-credential-gcr, kyverno-policy-reporter-kyverno-plugin, nuclei, skaffold, go-md2man, gcsfuse, dockerize, hey, fuse-overlayfs-snapshotter, kubeflow-katib, newrelic-prometheus-configurator, buildkitd, kube-bench, pulumi, nri-mssql,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wireguard: allowedips – avoid unaligned 64-bit memory accesses On the Parisc platform, the kernel issues warnings because swapendian attempts to load a 128-bit IPv6 address from an unaligned memory location: - Kernel: Unaligned...
Azure Linux 3.0 Security Update: hyperv-daemons (CVE-2024-26951)
The version of hyperv-daemons installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26951 advisory. - In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for...
Azure Linux 3.0 Security Update: kernel (CVE-2024-42247)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42247 advisory. - In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned...
CVE-2022-36110
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
Open Redirection
github.com/h44z/wg-portal is vulnerable to Open Redirection. The vulnerability is due to improper handling of OAuth or OIDC authentication backends, which can be exploited when a user visits a malicious website in WireGuard Portal v2...
GO-2025-3371 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover in github.com/h44z/wg-portal. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...
GHSA-2R2V-9PF8-6342 WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
Impact Users of WireGuard Portal v2 who have OAuth or OIDC authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. Patches The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' buil...
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
Impact Users of WireGuard Portal v2 who have OAuth or OIDC authentication backends enabled can be affected by an Account Takeover vulnerability if they visit a malicious website. Patches The problem was fixed in the latest alpha release, v2.0.0-alpha.3. The docker images for the tag 'latest' buil...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab, the map may still be accessed by non-sleepable program or sleepable program. However bpfmapfdputptr...