CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21418 – Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-21418
12 Mar 2024 — Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios del software para redes abiertas en la nube (SONiC) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21418 • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0324 – Buffer Overflow in Dhcp6relay in Software for Open Networking in the Cloud (SONiC)
https://notcve.org/view.php?id=CVE-2022-0324
14 Nov 2022 — There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore. Existe una vulnerabilidad en el código de análisis de paquetes DHCPv6 que un atacante remoto podría explorar para crear un paquete que podría p... • https://github.com/sonic-net/sonic-buildimage/security/advisories/GHSA-m4qf-8rrq-mph9 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •