GHSA-HXWC-5VW9-2W4W NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...

FreeBSD -- IPv6 Hop-by-Hop options use-after-free bug

Problem Description: Due to improper mbuf handling in the kernel, a use-after-free bug might be triggered by sending IPv6 Hop-by-Hop options over the loopback interface. Impact: Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic...

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

pcapplusplus:FuzzTarget: Use-of-uninitialized-value in pcpp::NullLoopbackLayer::getFamily

Project: https://github.com/seladb/PcapPlusPlus.git Detailed Report: https://oss-fuzz.com/testcase?key=5717750942269440 Project: pcapplusplus Fuzzing Engine: libFuzzer Fuzz Target: FuzzTarget Job Type: libfuzzermsanpcapplusplus Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...

Junos OS Firewall Filters Failure Vulnerability (JSA10942)

The version of Junos OS installed on the remote host is EX3400 Series running Junos OS prior to 14.1X53-D115, 17.1R3, 17.2R3-S2, 17.3R3-S3, 17.4R2-S5, 18.1R3-S1, 18.2R2, or 18.3R2. It is, therefore, affected by a vulnerability. When a firewall filter is applied on the loopback interface, other...

CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit

Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND / EBBSHAVE RPC Buffe...

CVE-2018-5344

A flaw was found in the Linux kernel's handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions...

DEBIAN-CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

UBUNTU-CVE-2019-19241

In the Linux kernel before 5.4.2, the iouring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/iouring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to...

CVE-2019-18379

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery SSRF exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

Server side request forgery (ssrf)

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery SSRF exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interfac...

PT-2019-4661 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.2 Description: The issue is related to the io uring feature in the Linux kernel, which can lead to requests being executed with UID 0 and full capabilities, even when initiated by an unprivileged user. This...

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

Unbreakable Enterprise kernel security update

2.6.39-400.315.1 - loopback: off by one in tcmloopmakenaatpg Dan Carpenter Orabug: 30254296 CVE-2011-5327 - floppy: fix out-of-bounds read in copybuffer Denis Efremov Orabug: 30318221 CVE-2019-14283...

CVE-2011-5327

A flaw was found in the Linux kernel’s implementation of SCSI loopback emulation, where an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in memory corruption. A local attacker could abuse this flaw by corrupting memory on a system where this...

Linux kernel denial of service vulnerability (CNVD-2019-25445)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the 'tcmloopmakenaatpg' function in the drivers/target/loopback/tcmloop.c file in versions of Linux kernel prior to 3.1. An attacker...

Memory corruption

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption...

UBUNTU-CVE-2011-5327

In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcmloop.c tcmloopmakenaatpg function could result in at least memory corruption...

PT-2019-6717 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.1 Description: The issue is related to an off-by-one error in the tcm loop make naa tpg function, located in the drivers/target/loopback/tcm loop.c file. This error could result in at least memory corruption...