769 matches found

Debian CVE
added 2024/01/26 12:0 a.m. · 16 views

CVE-2023-38317

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands...

9.8 CVSS · 9.7 AI score · 0.00315 EPSS
Exploits 1

Japan Vulnerability Notes
added 2024/01/15 6:19 a.m. · 1 views

Thermal camera TMC series vulnerable to insufficient technical documentation

Overview: Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation (CWE-1059). The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data. Hiroyuki...

4.6 CVSS · 6.5 AI score · 0.00044 EPSS
Exploits 0 · References 5

Japan Vulnerability Notes
added 2024/01/15 12:0 a.m. · 23 views

JVN#96240417: Thermal camera TMC series vulnerable to insufficient technical documentation

Thermal camera TMC series provided by THREE R SOLUTION CORP. JAPAN are vulnerable to insufficient technical documentation (CWE-1059). The related documentation does not describe the existence of the network interface, nor the internal storage for pictures and measurement data. Impact: The user of th...

4.6 CVSS · 4.6 AI score · 0.00044 EPSS
Exploits 0

OSV
added 2024/01/11 4:15 p.m. · 1 views

CVE-2023-51987

D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords...

9.8 CVSS · 5.8 AI score · 0.00373 EPSS
Exploits 1 · References 1

Cvelist
added 2023/12/29 11:53 a.m. · 14 views

CVE-2023-7078 Server-Side Request Forgery (SSRF) in Miniflare

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces as was the default in wrangler until 3.19.0, an attacker on the local network could...

7.5 CVSS · 8.1 AI score · 0.00072 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/12/24 12:0 a.m. · 2 views

PT-2023-35665 · Git +1 · Ntopng

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. The crash occurs in the Flow::dissectMDNS function, which is called by...

6.8 AI score
Exploits 0 · References 2

RedHat Linux
added 2023/12/12 5:25 p.m. · 38 views

Moderate: Red Hat Security Advisory: containernetworking-plugins security update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS · 6.7 AI score · 0.00122 EPSS
Exploits 0 · References 6

ATTACKERKB
added 2023/12/11 9:15 p.m. · 0 views

CVE-2023-49488

A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter...

6.1 CVSS · 6.5 AI score · 0.00105 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2023/12/01 12:0 a.m. · 1 views

The vulnerability of the nft_inner.c component in the Linux operating system’s network interface layer allows a hacker to trigger a service failure or increase their privileges.

The vulnerability of the nft_inner.c component in the Linux operating system’s network interface layer is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause service failures or increase their privileges...

7.8 CVSS · 6.4 AI score · 0.00015 EPSS
Exploits 0 · References 6 · Affected Software 1

Positive Technologies
added 2023/11/25 12:0 a.m. · 2 views

PT-2023-35612 · Git +1 · Ntopng

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap buffer overflow read issue is identified, associated with a crash in the NetworkInterface::dissectPacket function, as indicated by the crash state...

7.4 AI score
Exploits 0 · References 2

BDU FSTEC
added 2023/11/24 12:0 a.m. · 1 views

The vulnerability of function sub_391B8 in ASUS RT-AX57 Wi-Fi router’s microprogramming system allows an intruder to execute arbitrary code.

The vulnerability of function sub_391B8 in ASUS RT-AX57 Wi-Fi routers exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using a specially crafted request to the lanifname field...

10 CVSS · 5.9 AI score
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2023/11/22 12:0 a.m. · 2 views

The vulnerability of the batadv_dat_start_timer() function in the distributed-arp-table.c module of the B.A.T.M.A.N. network interface card of the Linux operating system allows a hacker to induce a service failure.

The vulnerability of the batadv_dat_start_timer function in the distributed-arp-table.c module of the B.A.T.M.A.N. network interface card of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.9 CVSS · 5.5 AI score
Exploits 0 · Affected Software 2

Positive Technologies
added 2023/11/14 12:0 a.m. · 2 views

PT-2023-35584 · Git +1 · Ntopng

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 1 crash has been reported. The crash occurs in the IEC104Stats::processPacket function, which is called by...

7 AI score
Exploits 0 · References 2

RedHat Linux
added 2023/11/07 9:3 a.m. · 2 views

kernel: Linux kernel iavf driver: Denial of Service via use-after-free vulnerability

A flaw was found in the Linux kernel's iavf driver. A local user with administrative capabilities can exploit a use-after-free vulnerability, caused by a mismatch in network interface NAPI list management functions. This can lead to dangling NAPI entries, resulting in a kernel crash and a Denial ...

7.8 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 5

RedHat Linux
added 2023/11/07 9:1 a.m. · 43 views

Moderate: Red Hat Security Advisory: containernetworking-plugins security and bug fix update

An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

9.8 CVSS · 6.6 AI score · 0.00759 EPSS
Exploits 0 · References 13

AlmaLinux
added 2023/11/07 12:0 a.m. · 71 views

Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

9.8 CVSS · 7.2 AI score · 0.00759 EPSS
Exploits 0 · References 22

OSV
added 2023/11/07 12:0 a.m. · 44 views

ALSA-2023:6402 Moderate: containernetworking-plugins security and bug fix update

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...

9.8 CVSS · 7.5 AI score · 0.00759 EPSS
Exploits 0 · References 22

Positive Technologies
added 2023/10/13 12:0 a.m. · 1 views

PT-2023-36279 · Cni +1 · Cni +1

Name of the Vulnerable Software and Affected Versions: cni affected versions not specified Description: The issue is related to a security release in the Go programming language, version 1.21. The estimated number of potentially affected devices worldwide is not available. There is no information...

7 AI score
Exploits 0 · References 4

RedHat Linux
added 2023/09/12 11:7 a.m. · 0 views

kernel: Linux kernel iavf driver: Denial of Service via use-after-free vulnerability

A flaw was found in the Linux kernel's iavf driver. A local user with administrative capabilities can exploit a use-after-free vulnerability, caused by a mismatch in network interface NAPI list management functions. This can lead to dangling NAPI entries, resulting in a kernel crash and a Denial ...

7.8 CVSS · 5.8 AI score · 0.00018 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2023/09/08 12:0 a.m. · 2 views

The vulnerability of the network plugin interface for connecting network plugins to Container Network Interface (CNI) allows an attacker to influence the integrity, accessibility, and confidentiality of the protected information.

The vulnerability of the network plugin interface for connecting to Container Network Interface (CNI) devices is related to an incorrect path name limitation when loading plugins from the type field. Exploiting this vulnerability allows a remote attacker to compromise the integrity, availability, a...

9 CVSS · 6.4 AI score · 0.00121 EPSS
Exploits 0 · References 5 · Affected Software 6