218 matches found
SUSE CVE-2016-6835
The vmxnettxpktparseheaders function in hw/net/vmxnettxpkt.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service buffer over-read by leveraging failure to check IP header length...
PT-2022-35957 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue concerns the use of struct group to copy ip/ipv6 header addresses in the Linux Kernel. It was introduced in version v4.2 and fixed in version v6.0.10. The actual impact and attack...
kernel: gso: do not skip outer ip header in case of ipip and net_failover
In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and netfailover We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtionet nic with netfailover enabled. VM acts as a IPVS LB with ipip...
PT-2024-5864 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's gso component, which fails to skip the outer IP header in certain cases, such as when using ipip and net failover. This can cause a TCP drop...
Design/Logic Flaw
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service DoS. A PFE crash will happen when a GPRS Tunnel Protocol GTP packet is...
CVE-2022-22235
CVE-2022-22235 affects Juniper Networks Junos OS on SRX Series. The issue is an improper check in the Packet Forwarding Engine (PFE) that can cause a Denial of Service (PFE crash) when a GTP-encapsulated GPRS traffic packet with a malformed IP header field is processed. The crash occurs only if e...
CVE-2022-1613
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations...
FreeBSD : zeek -- potential DoS vulnerabilities (656b0152-faa9-4755-b08d-aee4a774bd04)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 656b0152-faa9-4755-b08d-aee4a774bd04 advisory. - Tim Wojtulewicz of Corelight reports: Fix a possible overflow and crash in the ICMP analyzer when...
[SECURITY] [DLA 3111-1] mod-wsgi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...
AZL-10734 CVE-2022-2255 affecting package mod_wsgi for versions less than 4.9.3-2
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PYSEC-2022-254
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...
Updated apache-mod_wsgi packages fix security vulnerability
It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...
OESA-2022-1827 mod_wsgi security update
The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime andfor hosting WSGI applications within Apache has a lower overhead than using existin...
UBUNTU-CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
CVE-2022-2255
A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...
PT-2022-4349 · Mod Wsgi +9 · Mod Wsgi +9
Name of the Vulnerable Software and Affected Versions: mod wsgi affected versions not specified Description: A vulnerability in mod wsgi is related to errors in processing the X-Client-IP header. This issue allows an attacker to pass the X-Client-IP header to the target WSGI application because t...
CVE-2022-2366
Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...