135 matches found
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...
CVE-2022-1722
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...
CVE-2022-1722 SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio
SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...
JGraph draw.io 代码问题漏洞
JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 18.0.5 that stems from a server-side request forgery vulnerability in IPv6 link-local addresses...
PT-2022-14073 · Drawio · Drawio
Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5 Description: The issue is related to a Server-Side Request Forgery SSRF in the editor's proxy via an IPv6 link-local address. This allows for SSRF to internal link-local IPv6 addresses. Recommendations: For...
SSRF in editor's proxy via IPv6 link-local address
Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.javaL255L257, it checks for local IP addresses. It is missing the link-local IPv6 address check -...
The vulnerability of the TCP/IP Link-Local Multicast Name Resolution (LLMNR) protocol implementation in HP Print and HP Digital Sending devices allows a attacker to execute arbitrary code.
The vulnerability of the TCP/IP Link-Local Multicast Name Resolution LLMNR protocol implementation in HP Print and HP Digital Sending devices is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Update now! Many HP printers affected by three critical security vulnerabilities
In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution RCE when exploited...
CVE-2021-21960
A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...
PT-2022-9214 · Sealevel Systems · Seaconnect 370W
Name of the Vulnerable Software and Affected Versions: Sealevel Systems, Inc. SeaConnect 370W version 1.3.34 Description: A stack-based buffer overflow issue exists in the LLMNR functionality, allowing remote code execution through a specially-crafted network packet. An attacker can exploit this ...
DEBIAN-CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
UBUNTU-CVE-2020-8562
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...
PT-2022-1903 · Hewlett Packard +1 · Hp Digital Sending +2
Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System affected versions not specified HP Print and HP Digital Sending products affected versions not specified Description: A vulnerability was found in the SourceCodester Sanitization Management System...
CVE-2021-34767
A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 L2 loop in a configured VLAN, resulting in a denial of service DoS condition for that...
UBUNTU-CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Open Redirection
kunerbetes is vulnerable to open redirection. An authorized user is able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...
Cisco Adaptive Security Appliance Software OSPFv2 Link-Local Signaling DoS (cisco-sa-asaftd-ospflls-37Xy2q6r)
According to its self-reported version, Cisco Adaptive Security Appliance Software is affected by a vulnerability in the OSPF Version 2 OSPFv2 implementation that allows an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...
SUSE-SU-2021:2239-1 Security update for crmsh
This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node bsc1187553 - Fix: history: use Path.mkdir instead of mkdir commandbsc1179999, CVE-2020-35459 - Dev: crashtest: Add...
PT-2020-15009 · Fnet · Fnet
Name of the Vulnerable Software and Affected Versions: FNET versions through 4.6.4 Description: An issue was discovered in the code for processing the hostname from an LLMNR request, which doesn't check for '0' termination. This may lead to Information Disclosure in fnet llmnr poll in fnet llmnr....