CBL Mariner 2.0 Security Update: moby-engine (CVE-2024-29018)

The version of moby-engine installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-29018 advisory. - Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, an...

Amazon Linux 2 : docker (ALASECS-2024-042)

The version of docker installed on the remote host is prior to 25.0.6-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2024-042 advisory. 2025-01-04: CVE-2024-36620 was added to this advisory. 2025-01-04: CVE-2024-36623 was added to this advisory. When...

CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

CVE-2024-29018

CVE-2024-29018 affects the Moby-based docker/libnetwork networking stack, where internal networks can forward DNS requests to an external nameserver due to how host loopback DNS resolution is bridged for internal networks. The issue enables an attacker controlling an authoritative DNS domain to c...

CVE-2024-29018

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

Out-of-bounds

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftpinput function and could occur while processing a udp packet that is smaller than the size of the 'tftpt' structure. This issue may lead to out-of-bounds read access or...

CVE-2021-3592

An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootpinput function and could occur while processing a udp packet that is smaller than the size of the 'bootpt' structure. A malicious guest could use this flaw to leak 10 byte...

UBUNTU-CVE-2020-6557

Inappropriate implementation in networking in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A NULL pointer dereference flaw was found in the Generic Receive Offload GRO functionality in the Linux kernel's networking implementation. If both GRO and promiscuous mode were enabled on an interface in a virtual LAN VLAN, it could result in a denial o...

CVE-2019-14378

A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ipreass routine while reassembling incoming packets if the first fragment is bigger than the m-mdat buffer. An attacker could use this flaw to crash the QEMU process on the...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1484)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1488)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could...

SUSE SLES11 Security Update : kvm (SUSE-SU-2019:13962-1)

This update for kvm fixes the following issues : Security issues fixed : CVE-2019-6778: Fixed a heap buffer overflow issue in the SLiRP networking implementation bsc1123156. CVE-2018-19489: Fixed a denial of service vulnerability in virtfs bsc1117275. CVE-2018-19364: Fixed a use-after-free if the...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update provides an upgrade to the upstream 4.4 longterm kernel series, currently based on 4.4.13 and resolves at least the following security issues: The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service memory consumption ...

RHEL 6 : kernel (RHSA-2016:1225)

An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1)

The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2013-7446: Use-after-free vulnerability in net/unix/afunix.c in the Linux kernel allowed local users to bypass intended AFUNIX socket permissions or cause a...

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2907-2)

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

USN-2907-2: Linux kernel (Trusty HWE) vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...

USN-2907-1: Linux kernel vulnerabilities

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. CVE-2016-1576 halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security...