PT-2023-33302 · Xen · Xen-Netback

Name of the Vulnerable Software and Affected Versions: xen/netback versions prior to v5.10.159 Description: The issue is related to protocol headers falling in the non-linear area. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.10.159...

PT-2023-33227 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.83 Description: The issue concerns the xen/netback component, where protocol headers may fall in the non-linear area. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...

CVE-2022-3643

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...

Design/Logic Flaw

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...

CVE-2022-3643

Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an unwritten? assumption in the rest of the Linux network stack that packet...

Mozilla Firefox 输入验证错误漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from an input validation error vulnerability that arises from the browser handling redirects when accepting redirect headers from external protocols...

CVE-2021-22679

The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK versions prior to v4.10.03, CC13X2 and CC26XX SDK...

CVE-2021-23351

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service DoS via the parseVersion1 function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in t...

FreeBSD : FreeBSD -- Insufficient packet length validation in libalias (30ce591c-947b-11ea-92ab-00163e433440)

libalias3 packet handlers do not properly validate the packet length before accessing the protocol headers. As a result, if a libalias3 module does not properly validate the packet length before accessing the protocol header, it is possible for an out of bound read or write condition to occur...

DEBIAN-CVE-2016-8666

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service stack consumption and panic or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a...

JGroups: Authorization bypass

It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...

Tor 'Relay Early' Traffic Confirmation Attack Vulnerability (Oct 2014) - Windows

Tor is prone to an information disclosure vulnerability. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...