25 matches found
EUVD-2006-1625
Malware in sbrugna...
FreeBSD : traefik -- Bypassing IP allow-lists via HTTP/3 early data requests (767dfb2d-3c9e-11ef-a829-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 767dfb2d-3c9e-11ef-a829-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists vi...
CVE-2024-39321
An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options do not meet...
CVE-2024-39321
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
CVE-2024-39321
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...
CVE-2024-39321
Traefik vulnerability CVE-2024-39321 affects Traefik versions prior to 2.11.14 and 3.2.1, where the API/dashboard validates X-Forwarded-Prefix but can be bypassed by a crafted header, potentially enabling cache poisoning. Remediation: upgrade to Traefik 2.11.14+ or 3.2.1+. Exploitation status not...
traefik -- Bypassing IP allow-lists via HTTP/3 early data requests
The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses...
Insufficient Verification Of Data Authenticity
Open vSwitch is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to improper handling of ICMPv6 packets, specifically allowing packets with modified or spoofed target IP addresses to redirect traffic to arbitrary destinations...
Design/Logic Flaw
A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to...
Spoofed IP Addresses for FQDN Based Tunneling
To understand the concept of Spoofed IP address in Split Tunnel of FQDN based tunneling...
Information Disclosure
kernel is vulnerable to information disclosure. The vulnerability exists due to a flaw was found in the Linux SCTP stack allowing an attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9260)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9260 advisory. - drm/i915: Flush TLBs before releasing backing store Tvrtko Ursulin Orabug: 33835812 CVE-2022-0330 - drm/i915: Reduce locking in execlist command...
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses...
CLSA-2021-1633442934 Fix of CVE: CVE-2020-11868
CVE-2020-11868: incorrect handling of packets from unauthenticated synchronization source with spoofed IP address leads to denial of service...
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses...
CVE-2021-3772
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. Mitigation As the SCTP module will be...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of service. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcpcollapseofoqueue and tcppruneofoqueue functions by...
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1345)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide...
Authentication flaw
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file...
CVE-2006-1624
The default configuration of syslogd in the Linux sysklogd package does not enable the -x disable name lookups option, which allows remote attackers to cause a denial of service traffic amplification via messages with spoofed source IP addresses...