637 matches found
GSD-2022-1005866 wireguard: allowedips: don't corrupt stack when detecting overflow
wireguard: allowedips: don't corrupt stack when detecting overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.137 by commit...
GSD-2022-1005615 wireguard: allowedips: don't corrupt stack when detecting overflow
wireguard: allowedips: don't corrupt stack when detecting overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...
PT-2022-33873 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Wireguard versions prior to v5.15.61 Description: The issue is related to the allowedips feature in Wireguard, where a potential stack corruption can occur when detecting an overflow. The actual impact and attack plausibility have not yet bee...
PT-2022-34124 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: wireguard versions prior to v5.10.137 Description: The issue is related to the allowedips feature in wireguard, where a stack corruption can occur when detecting an overflow. The actual impact and attack plausibility have not yet been proven...
GSD-2022-1005268 wireguard: allowedips: don't corrupt stack when detecting overflow
wireguard: allowedips: don't corrupt stack when detecting overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.2 by commit...
PT-2022-33526 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: wireguard versions prior to v5.19.2 Description: The issue is related to the allowedips feature in wireguard, where a stack corruption can occur when detecting an overflow. The actual impact and attack plausibility have not yet been proven...
Authorization
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
CVE-2022-36110
Netmaker (WireGuard-based networking) is affected by an improper authorization issue prior to v0.15.1, where non-admin users could perform admin-level API calls using their auth tokens. Root cause: insufficient granularity of access control allowing privilege escalation via the API. Impact per so...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
GHSA-69CG-P879-7622 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, k3d, hey, grpcurl, wireguard-go, kubeflow, terraform-provider-sendgrid...
GHSA-69CG-P879-7622 vulnerabilities
Vulnerabilities for packages: k3d, hey, kubeflow-fips, terraform-provider-sendgrid, wireguard-go, grpcurl, dynamic-localpv-provisioner-fips, dynamic-localpv-provisioner, kubeflow, terraform-provider-sendgrid-fips, kube-state-metrics...
CVE-2022-27664 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, k3d, hey, grpcurl, wireguard-go, kubeflow, terraform-provider-sendgrid...
CVE-2022-27664 vulnerabilities
Vulnerabilities for packages: k3d, hey, kubeflow-fips, terraform-provider-sendgrid, wireguard-go, grpcurl, dynamic-localpv-provisioner-fips, dynamic-localpv-provisioner, kubeflow, terraform-provider-sendgrid-fips, kube-state-metrics...
[SECURITY] Fedora 36 Update: wgctrl-0-0.12.20210811git4253848.fc36
Package Wgctrl enables control of WireGuard interfaces on multiple platforms...
Fedora: Security Advisory for wgctrl (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: wgctrl-0-0.11.20210811git4253848.fc35
Package Wgctrl enables control of WireGuard interfaces on multiple platforms...
Fedora: Security Advisory for wgctrl (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: wgctrl-0-0.11.20210811git4253848.fc36
Package Wgctrl enables control of WireGuard interfaces on multiple platforms...