55 matches found
CVE-2024-32765 QTS, QuTS hero
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS...
kernel: inet: inet_defrag: prevent sk release while still in use
In the Linux kernel, the following vulnerability has been resolved: inet: inetdefrag: prevent sk release while still in use iplocalout and other functions can pass skb-sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be...
[SECURITY] [DSA 5640-1] openvswitch security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5640-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 14, 2024 https://www.debian.org/security/faq -...
QNAP QuTS hero XSS Vulnerability (QSA-24-11)
QNAP QuTS hero is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
QNAP QTS XSS Vulnerability (QSA-24-11)
QNAP QTS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts";...
QNAP QuTScloud XSS Vulnerability (QSA-24-11)
QNAP QuTScloud is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-32969
A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...
Cross site scripting
A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...
CVE-2023-32969 Network & Virtual Switch
A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...
CVE-2023-32969
Summary (CVE-2023-32969) A cross-site scripting (XSS) vulnerability affects QNAP’s Network & Virtual Switch across multiple product lines (QuTScloud, QTS, QuTS hero). The issue allows authenticated administrators to inject malicious code via a network. Affected/fixed versions: QuTScloud c5.1.5.26...
CVE-2023-32969 Network & Virtual Switch
A cross-site scripting XSS vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QuTScloud c5.1.5.2651...
Open vSwitch: Multiple Vulnerabilities
Background Open vSwitch is a production quality multilayer virtual switch. Description Multiple vulnerabilities have been discovered in Open vSwitch. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There i...
USN-6068-1: Open vSwitch vulnerability
David Marchand discovered that Open vSwitch incorrectly handled IP packets with the protocol set to 0. A remote attacker could possibly use this issue to cause a denial of service...
Debian: Security Advisory (DLA-3253-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3253-1] openvswitch security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3253-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb December 31, 2022 https://wiki.debian.org/LTS -...
USN-5698-1: Open vSwitch vulnerability
It was discovered that Open vSwitch incorrectly handled comparison of certain minimasks. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-5065-1: Open vSwitch vulnerability
It was discovered that Open vSwitch incorrectly handled decoding RAWENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code...
CVE-2021-38598
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch c...
lldp/openvswitch: denial of service via externally triggered memory leak
A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability...
Debian DSA-4852-1 : openvswitch - security update
Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...