Gorsair - Hacks Its Way Into Remote Docker Containers That Expose Their APIs

Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access to the docker daemon, you can use Gorsair to directly execute commands on remote containers. Exposing the docker API on the internet is a tremendous risk,...

Virtuozzo Hybrid Infrastructure 4.6 (4.6.0-208)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers' operability. The improvements cover compute services, object storage, monitoring, security, localization, and the user interface. Additionally, this release delivers stability...

OESA-2021-1191 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein...

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to session timeout errors, which allow attackers to trigger a device reboot or cause a service failure.

The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to session timeout errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause a service...

OPENSUSE-SU-2021:0647-1 Security update for netdata

This update for netdata fixes the following issues: - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsoleted...

UBUNTU-CVE-2021-21214

Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension...

Virtuozzo Hybrid Infrastructure 4.5 Update 1 Hotfix 2 (4.5.1-34)

This update provides fixes for the admin and self-service panels. Vulnerability id: VSTOR-42074 Unable to add a network interface to an existing VM in the self-service panel. Vulnerability id: VSTOR-42954 Added a message about disabling security groups for a VM network interface. Vulnerability id...

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...

Design/Logic Flaw

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ...

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. The issue occurs in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A guest user/process may use this flaw to consume CPU cycles or crash the QEMU process on the host resulting in DoS scenario.

...

[SECURITY] Fedora 33 Update: containernetworking-plugins-0.9.1-2.fc33

The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only with network connectivity of containers and removing allocated resourc ...

QEMU 安全漏洞

QEMU is a suite of analog processor software. QEMU has a security vulnerability that can be exploited by an attacker to trigger a denial of service on a host system by triggering a fatal error via NIC loopback mode...

Fedora: Security Advisory for containernetworking-plugins (FEDORA-2021-fb466fb623)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

UBUNTU-CVE-2021-20203

An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in Do...

PT-2021-7378

Name of the Vulnerable Software and Affected Versions QEMU versions up to and including 5.2.0 Description The issue is related to a potential stack overflow via an infinite loop in various NIC emulators of QEMU. This occurs in loopback mode of a NIC where reentrant DMA checks get bypassed, allowi...

PT-2021-7352

Name of the Vulnerable Software and Affected Versions QEMU affected versions not specified Description An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits tx descriptors in process tx desc if various descriptor fields are initialized...

PT-2021-7374

Name of the Vulnerable Software and Affected Versions QEMU versions up to v5.2.0 Description An integer overflow issue was found in the vmxnet3 NIC emulator of QEMU. This issue may occur if a guest supplies invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may u...

EulerOS Virtualization 3.0.2.6 : qemu (EulerOS-SA-2021-1057)

According to the versions of the qemu packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Quick Emulator Qemu built with the VirtFS, host directory sharing via Plan 9 File System9pfs support, is vulnerable to an improper...