AZL-26938 CVE-2023-31130 affecting package nodejs for versions less than 16.20.1-2

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

PT-2023-6788

Name of the Vulnerable Software and Affected Versions c-ares versions prior to 1.19.1 Description The issue is related to a buffer underflow in the ares inet net pton function for certain IPv6 addresses, such as "0::00:00:00/2". This function is used internally by c-ares for configuration purpose...

CVE-2023-31477

A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path...

GL.iNet devices 路径遍历漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A path traversal vulnerability exists in GL.iNet devices prior to version 3.216, which can be exploited to allow arbitrary files to be shared in arbitrary folders...

GL.iNet devices 命令注入漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A command injection vulnerability exists in GL.iNet devices prior to version 3.216, which originates from allowing an empty file to be created anywhere on the file system. An attacker could use this...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216 that stems from a buffer overflow issue...

PT-2023-23350 · Gl.Inet · Gl.Inet

Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows the installation of arbitrary software, such as a reverse shell, through the software installation feature. This is possible because the restrictions on...

CVE-2023-31472

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied...

CVE-2023-31476

An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters the working directory is /www...

kernel: igmp: use-after-free in ip_check_mc_rcu when opening and closing inet sockets

A use-after-free flaw was found in the Linux kernel’s IGMP protocol in how a user triggers a race condition in the ipcheckmcrcu function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an arbitrary file write vulnerability that can create an empty file anywhere on the file system...

GL.iNet devices 安全漏洞

GL.iNet devices are a series of hardware devices from China's Guanglian Zhitong GL.iNet company. A security vulnerability exists in GL.iNet devices prior to version 3.216, which stems from an API endpoint displaying information about the Wi-Fi configuration, including the SSID and key...

CVE-2023-29778

GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread...

GL.iNet MT3000 操作系统命令注入漏洞

The GL.iNet MT3000 is an AX3000 portable router using the Wi-Fi 6 protocol from China's GL.iNet. An operating system command injection vulnerability exists in the GL.iNet MT3000 version 4.1.0, which stems from the presence of operating system command injection...

OESA-2023-1178 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In bindertransactionbufferrelease of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

OESA-2023-1177 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In bindertransactionbufferrelease of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...

inet-sochi.ru Cross Site Scripting vulnerability OBB-3221440

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

K15482: Linux kernel vulnerability CVE-2014-4943

Security Advisory Description The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-4943 Impact None. No F5 products are affected by this...

SUSE CVE-2010-3880

net/ipv4/inetdiag.c in the Linux kernel before 2.6.37-rc2 does not properly audit INETDIAG bytecode, which allows local users to cause a denial of service kernel infinite loop via crafted INETDIAGREQBYTECODE instructions in a netlink message that contains multiple attribute elements, as...

SUSE CVE-2011-2213

The inetdiagbcaudit function in net/ipv4/inetdiag.c in the Linux kernel before 2.6.39.3 does not properly audit INETDIAG bytecode, which allows local users to cause a denial of service kernel infinite loop via crafted INETDIAGREQBYTECODE instructions in a netlink message, as demonstrated by an...