281 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Netplan regression (USN-6851-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6851-2 advisory. USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl...
Ubuntu: Security Advisory (USN-6851-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6851-1: Netplan vulnerabilities
Andreas Hasenack discovered that netplan incorrectly handled the permissions for netdev files containing wireguard configuration. An attacker could use this to obtain wireguard secret keys. It was discovered that netplan configuration could be manipulated into injecting arbitrary commands while...
Moderate: Red Hat Security Advisory: containernetworking-plugins security and bug fix update
An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
GO-2024-2737 IPv6 enabled on IPv4-only network interfaces in github.com/docker/docker
IPv6 enabled on IPv4-only network interfaces in github.com/docker/docker...
Researchers Uncover RAT-Dropping npm Package Targeting Gulp Users
Cybersecurity researchers have uncovered a new suspicious package uploaded to the npm package registry that's designed to drop a remote access trojan RAT on compromised systems. The package in question is glup-debugger-log, which targets users of the gulp toolkit by masquerading as a "logger for...
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDRANY by passing "" as the address. This...
CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...
CVE-2024-36105 dbt allows Binding to an Unrestricted IP Address via socketsocket
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Prior to versions 1.6.15, 1.7.15, and 1.8.1, Binding to INADDRANY 0.0.0.0 or IN6ADDRANY :: exposes an application on all network interfaces, increasing the...
CVE-2024-36105
CVE-2024-36105 affects dbt-core prior to 1.6.15, 1.7.15, and 1.8.1. The issue arises when the docs server binds to INADDR_ANY or IN6ADDR_ANY (0.0.0.0/::) instead of localhost, exposing the HTTP server on all network interfaces. This can enable unauthorized access from other hosts on the same netw...
SUSE CVE-2021-47259
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...
DEBIAN-CVE-2021-47259
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix use-after-free in nfs4initclient KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to hit this with kernels starting...
Docker Engine 26.0.0 < 26.0.2 Unexpected Resource Exposure
The version of the Docker Engine installed on the remote host is 26.0.x prior to 26.0.2. It is therefore affected by an unexpected resource exposure vulnerability. In the affected versions of Moby, an open source container framework that is a key component of Docker Engine, Docker Desktop, and...
CVE-2024-32473
A flaw was found in Moby, an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling and runtimes. In certain versions, IPv6 is not disabled on network interfaces, including those belonging to networks where...
CVE-2024-32473 Moby IPv6 enabled on IPv4-only network interfaces
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...
CVE-2024-32473 Moby IPv6 enabled on IPv4-only network interfaces
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...
CVE-2024-32473
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. An container with an ipvl...
IPv6 enabled on IPv4-only network interfaces
In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false. Impact A container with an ipvlan or macvlan interface will normally be configured to share an external network link with the host machine. Because of this direct access, wi...
PT-2024-23582 · Unknown · Ros2 Galactic Geochelone
Name of the Vulnerable Software and Affected Versions: ROS2 Galactic Geochelone versions 2 Description: An insecure deserialization vulnerability has been identified, allowing attackers to execute arbitrary code and obtain sensitive information via crafted input to the Data Serialization and...
PT-2024-23568 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Iron Irwini versions ROS VERSION 2 and ROS PYTHON VERSION 3 Description: An insecure deserialization issue allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components,...