SUSE CVE-2024-27410

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data i...

SUSE CVE-2024-26733

In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arpreqget. syzkaller reported an overflown write in arpreqget. 0 When ioctlSIOCGARP is issued, arpreqget looks up an neighbour entry and copies neigh-ha to struct arpreq.arpha.sadata. The arpha here is...

UBUNTU-CVE-2024-26804

In the Linux kernel, the following vulnerability has been resolved: net: iptunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in skbflowdissect+0x19d1/0x7a50 net/core/flowdissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task...

[SECURITY] Fedora 40 Update: netavark-1.10.3-3.fc40

OCI network stack Netavark is a rust based network stack for containers. It is being designed to work with Podman but is also applicable for other OCI container management applications. Netavark is a tool for configuring networking for Linux containers. Its features include: Configuration of...

Fedora: Security Advisory for netavark (FEDORA-2024-a267e93f8c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Eclipse ThreadX NetX Duo 输入验证错误漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.0, which stems from a vulnerability that allows attackers to cause a buffer overflow via the function...

net: prevent mss overflow in skb_segment()

...

SUSE CVE-2024-26614

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

CentOS 9 : dpdk-21.11.2-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dpdk-21.11.2-1.el9 build changelog. - A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by...

MikroTik RouterOS Uncontrolled Resource Consumption (CVE-2017-7285)

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. This plugin only works with Tenable.ot...

Weston Embedded uC-TCP-IP Security Vulnerability

Weston Embedded uC-TCP-IP is a TCP/IP stack for embedded systems from Weston Embedded. A security vulnerability exists in Weston Embedded uC-TCP-IP version v3.06.01 that stems from a denial of service vulnerability in the ICMP and ICMPv6 parsing functions...

[SECURITY] [DSA 5624-1] edk2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5624-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2024 https://www.debian.org/security/faq -...

Ligolo-Ng - An Advanced, Yet Simple, Tunneling/Pivoting Tool That Uses A TUN Interface

Ligolo-ng is a simple , lightweight and fast tool that allows pentesters to establish tunnels from a reverse TCP/TLS connection using a tun interface without the need of SOCKS. Features Tun interface No more SOCKS! Simple UI with agent selection and network information Easy to use and setup...

CVE-2023-28583 Double Free in Data Network Stack & Connectivity

Memory corruption when IPv6 prefix timer objects lifetime expires which are created while Netmgr daemon gets an IPv6 address...

CVE-2023-28583 Double Free in Data Network Stack & Connectivity

Memory corruption when IPv6 prefix timer objects lifetime expires which are created while Netmgr daemon gets an IPv6 address...

PT-2023-9843 · Qualcomm · Qualcomm Embedded Platform

Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified Description: The issue is related to a memory corruption vulnerability in the Network Stack module of Qualcomm's embedded platform software. This occurs when processing IPA...

CVE-2023-48692

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp,...

CVE-2023-48316

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp,...

CVE-2023-48691

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components include process related to IGMP protocol i...

Design/Logic Flaw

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to icmp,...