Lucene search
K

218 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.7 views

SUSE CVE-2016-6835

The vmxnettxpktparseheaders function in hw/net/vmxnettxpkt.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service buffer over-read by leveraging failure to check IP header length...

6CVSS8.4AI score0.00392EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.5 views

PT-2022-35957 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue concerns the use of struct group to copy ip/ipv6 header addresses in the Linux Kernel. It was introduced in version v4.2 and fixed in version v6.0.10. The actual impact and attack...

7.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/11/15 11:38 a.m.4 views

kernel: gso: do not skip outer ip header in case of ipip and net_failover

In the Linux kernel, the following vulnerability has been resolved: gso: do not skip outer ip header in case of ipip and netfailover We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtionet nic with netfailover enabled. VM acts as a IPVS LB with ipip...

6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.9 views

PT-2024-5864 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the Linux kernel's gso component, which fails to skip the outer IP header in certain cases, such as when using ipip and net failover. This can cause a TCP drop...

9.8CVSS6.5AI score0.12746EPSS
Exploits36References544
Prion
Prion
added 2022/10/18 3:15 a.m.20 views

Design/Logic Flaw

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service DoS. A PFE crash will happen when a GPRS Tunnel Protocol GTP packet is...

5CVSS7.5AI score0.00586EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/10/18 2:46 a.m.61 views

CVE-2022-22235

CVE-2022-22235 affects Juniper Networks Junos OS on SRX Series. The issue is an improper check in the Packet Forwarding Engine (PFE) that can cause a Denial of Service (PFE crash) when a GTP-encapsulated GPRS traffic packet with a malformed IP header field is processed. The crash occurs only if e...

7.5CVSS6.5AI score0.00586EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/09/26 1:15 p.m.6 views

CVE-2022-1613

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass IP-based limitations in certain situations...

5.3CVSS5.8AI score0.00589EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2022/09/19 12:0 a.m.15 views

FreeBSD : zeek -- potential DoS vulnerabilities (656b0152-faa9-4755-b08d-aee4a774bd04)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 656b0152-faa9-4755-b08d-aee4a774bd04 advisory. - Tim Wojtulewicz of Corelight reports: Fix a possible overflow and crash in the ICMP analyzer when...

5.7AI score
Exploits0References2
Debian
Debian
added 2022/09/15 9:43 p.m.40 views

[SECURITY] [DLA 3111-1] mod-wsgi security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3111-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 15, 2022 https://wiki.debian.org/LTS -...

7.5CVSS7.4AI score0.0069EPSS
Exploits1
OSV
OSV
added 2022/08/25 6:15 p.m.7 views

AZL-10734 CVE-2022-2255 affecting package mod_wsgi for versions less than 4.9.3-2

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS7.1AI score0.0069EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/25 6:15 p.m.4 views

CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS5.8AI score0.0069EPSS
Exploits1References5
OSV
OSV
added 2022/08/25 6:15 p.m.26 views

PYSEC-2022-254

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS3.5AI score0.0069EPSS
Exploits1References4
PyPA
PyPA
added 2022/08/25 6:15 p.m.10 views

PYSEC-2022-254

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS6.8AI score0.0069EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/08/25 5:26 p.m.339 views

CVE-2022-2255

CVE-2022-2255 affects mod_wsgi: a request from an untrusted proxy can carry the X-Client-IP header to the WSGI app because the removal condition is missing. Impact: potential header spoofing bypass. Affected versions are older mod_wsgi; multiple advisories indicate remediation via upgrading to no...

7.5CVSS7.1AI score0.0069EPSS
Exploits1References4Affected Software1
Mageia
Mageia
added 2022/08/20 10:4 a.m.55 views

Updated apache-mod_wsgi packages fix security vulnerability

It was discovered that mod-wsgi did not correctly remove the X-Client-IP header when processing requests from untrusted proxies. A remote attacker could use this issue to pass the header to WSGI applications, contrary to expectations CVE-2022-2255...

7.5CVSS2.4AI score0.0069EPSS
Exploits1References2
OSV
OSV
added 2022/08/13 11:4 a.m.2 views

OESA-2022-1827 mod_wsgi security update

The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime andfor hosting WSGI applications within Apache has a lower overhead than using existin...

7.5CVSS7.1AI score0.0069EPSS
Exploits1References2
OSV
OSV
added 2022/07/22 2:1 p.m.5 views

UBUNTU-CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.5CVSS7.2AI score0.0069EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/07/18 6:12 p.m.56 views

CVE-2022-2255

A vulnerability was found in modwsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing...

7.3CVSS3.5AI score0.0069EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.6 views

PT-2022-4349 · Mod Wsgi +9 · Mod Wsgi +9

Name of the Vulnerable Software and Affected Versions: mod wsgi affected versions not specified Description: A vulnerability in mod wsgi is related to errors in processing the X-Client-IP header. This issue allows an attacker to pass the X-Client-IP header to the target WSGI application because t...

8.7CVSS7.2AI score0.0069EPSS
Exploits1References68
NVD
NVD
added 2022/07/12 2:15 p.m.24 views

CVE-2022-2366

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers...

5.6CVSS0.00586EPSS
Exploits0References1
Rows per page
Query Builder