281 matches found
CVE-2021-27365
A flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2021-1526)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
New Attack Could Let Remote Hackers Target Devices On Internal Networks
A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network, according to the latest research. Detailed by enterprise IoT security firm Armis, the new attack CVE-2020-16043 and CVE-2021-23961 builds on the previously disclose...
EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2021-1045)
According to the version of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting...
CVE-2018-14067
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...
Command injection
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...
CVE-2018-14067
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 devices allow Command Injection, with unauthenticated remote command execution, via a crafted payload to the HTTPS port, because lighttpd listens on all network interfaces including the external Internet by default. NOTE: this may overlap CVE-2017-9980...
nbns-interfaces NSE Script
Retrieves IP addresses of the target's network interfaces via NetBIOS NS. Additional network interfaces may reveal more information about the target, including finding paths to hidden non-routed networks via multihomed systems. Example Usage nmap -sU -p 137 --script nbns-interfaces Script Output...
Updated libvirt packages fix security vulnerability
A double free memory issue was found to occur in the libvirt API responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions cou...
The vulnerability of the syntactic analysis procedure for JSON microprogramming systems used in Huawei USG6000V network interfaces allows a attacker to trigger a service failure.
The vulnerability of the JSON syntax analysis process in Huawei USG6000V network interface controllers is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Authorization Bypass
lxc is vulnerable to authorization bypass. The vulnerability exists through missing functional level access which allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...
Apache Cassandra 1.2.x <= 1.2.19 / 2.0.x <= 2.0.13 / 2.1.x <= 2.1.3 RCE
The default configuration in Apache Cassandra running on the remote host version 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 bound an unauthenticated JMX/RMI interface to all network interfaces. A remote attacker able to access the RMI, an API for the transport and remote...
Ubuntu 20.04 LTS : MySQL vulnerabilities (USN-4651-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4651-1 advisory. Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This updat...
Ubuntu: Security Advisory (USN-4651-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Connecting Restored VM Instances to New Networks in Veeam Backup for Google Cloud
Challenge By default, every VM instance in a VPC network has a single default network interface, and you cannot add or remove network interfaces from an existing VM instance. This means that Google Cloud does not allow you to attach the network interface of a VM instance to a different network wh...
A double free memory issue was found to occur in the libvirt API in versions before 6.8.0 responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon resulting in a denial of service or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
...
ALPINE-CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...
AZL-6658 CVE-2020-25637 affecting package libvirt for versions less than 6.1.0-4
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...
CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...
UBUNTU-CVE-2020-25637
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with...