CVE-2023-2754

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses...

CVE-2023-37454

An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udfputsuper and udfcloselvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this...

CVE-2023-33176

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions are affected by a Server-Side Request Forgery SSRF vulnerability. In an insertDocument API request the user is able to supply a URL from which the presentation should be...

CLSA-2023-1686586528 Fix CVE(s): CVE-2020-1938, CVE-2022-42252

SECURITY UPDATE: Apache Tomcat request smuggling - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected. - CVE-2022-42252 SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution - debian/patches/CVE-2020-1938.patch: Add new AJP...

CVE-2022-29840

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

Server side request forgery (ssrf)

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices

Server-Side Request Forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This...

PT-2023-5687 · Unknown · Control Web Panel

Name of the Vulnerable Software and Affected Versions: Control Web Panel affected versions not specified Description: The issue is related to the lack of proper validation of a user-supplied string before using it to execute a system call in the cwpsrv process, which listens on the loopback...

CVE-2018-17452

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery SSRF via a loopback address to the validatelocalhost function in urlblocker.rb...

UBUNTU-CVE-2018-17452

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery SSRF via a loopback address to the validatelocalhost function in urlblocker.rb...

Server side request forgery (ssrf)

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery SSRF via a loopback address to the validatelocalhost function in urlblocker.rb...

GitLab 代码问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab, which stems from a server-side reque...

PT-2023-10699 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7 GitLab Community and Enterprise Edition versions 11.2.0 through 11.2.4 GitLab Community and Enterprise Edition versions 11.3.0 through 11.3.1 Description: An issue was...

SUSE CVE-2011-1023

The Reliable Datagram Sockets RDS subsystem in the Linux kernel before 2.6.38 does not properly handle congestion map updates, which allows local users to cause a denial of service BUGON and system crash via vectors involving 1 a loopback aka loop transmit operation or 2 an InfiniBand aka ib...

SUSE CVE-2012-2321

The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 host name or 2 domain name in a DHCP reply...

SUSE CVE-2014-9494

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopbackusers restriction via a crafted X-Forwareded-For header...

SUSE CVE-2014-9751

The readnetworkpacket function in ntpio.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by...

SUSE CVE-2015-2152

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by 1 setting the DISPLAY environment variable, when compiled with SDL support,...

SUSE CVE-2015-7504

Heap-based buffer overflow in the pcnetreceive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service instance crash or possibly execute arbitrary code via a series of packets in loopback mode...

SUSE CVE-2017-6347

The ipcmsgrecvchecksum function in net/ipv4/ipsockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service buffer over-read or possibly have unspecified other impact via crafted system calls, as demonstrated b...