Lucene search
K

135 matches found

ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.6 views

CVE-2022-1722

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...

7.5CVSS5.8AI score0.00514EPSS
Exploits1References3
NVD
NVD
added 2022/05/16 3:15 p.m.26 views

CVE-2022-1722

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...

7.5CVSS0.00514EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/16 2:31 p.m.26 views

CVE-2022-1722 SSRF in editor's proxy via IPv6 link-local address in jgraph/drawio

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses...

7.5CVSS4.4AI score0.00514EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/05/16 12:0 a.m.2 views

JGraph draw.io 代码问题漏洞

JGraph draw.io is a configurable chart/whiteboard visualization application from JGraph. A security vulnerability exists in JGraph draw.io versions prior to 18.0.5 that stems from a server-side request forgery vulnerability in IPv6 link-local addresses...

7.5CVSS6.4AI score0.00514EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/05/16 12:0 a.m.4 views

PT-2022-14073 · Drawio · Drawio

Name of the Vulnerable Software and Affected Versions: drawio versions prior to 18.0.5 Description: The issue is related to a Server-Side Request Forgery SSRF in the editor's proxy via an IPv6 link-local address. This allows for SSRF to internal link-local IPv6 addresses. Recommendations: For...

7.5CVSS5.4AI score0.00514EPSS
Exploits1References6
Huntr
Huntr
added 2022/05/13 5:50 p.m.37 views

SSRF in editor's proxy via IPv6 link-local address

Description The proxy server does not check for link-local IPv6 addresses In https://github.com/jgraph/drawio/blob/dev/src/main/java/com/mxgraph/online/ProxyServlet.javaL255L257, it checks for local IP addresses. It is missing the link-local IPv6 address check -...

2.1CVSS0.3AI score0.00514EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/03/25 12:0 a.m.9 views

The vulnerability of the TCP/IP Link-Local Multicast Name Resolution (LLMNR) protocol implementation in HP Print and HP Digital Sending devices allows a attacker to execute arbitrary code.

The vulnerability of the TCP/IP Link-Local Multicast Name Resolution LLMNR protocol implementation in HP Print and HP Digital Sending devices is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

8.8CVSS7.7AI score0.00695EPSS
Exploits0References5Affected Software3
Malwarebytes
Malwarebytes
added 2022/03/24 11:20 a.m.155 views

Update now! Many HP printers affected by three critical security vulnerabilities

In two security advisories, HP has alerted users to the existence of security vulnerabilities in several of its printer models. In total, four vulnerabilities were patched, but three of those vulnerabilities are rated critical, and all of them can lead to remote code execution RCE when exploited...

10CVSS8.9AI score0.07022EPSS
Exploits0
OSV
OSV
added 2022/02/04 11:15 p.m.5 views

CVE-2021-21960

A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability...

10CVSS6.4AI score0.02639EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.7 views

PT-2022-9214 · Sealevel Systems · Seaconnect 370W

Name of the Vulnerable Software and Affected Versions: Sealevel Systems, Inc. SeaConnect 370W version 1.3.34 Description: A stack-based buffer overflow issue exists in the LLMNR functionality, allowing remote code execution through a specially-crafted network packet. An attacker can exploit this ...

10CVSS9.9AI score0.02639EPSS
Exploits1References2
OSV
OSV
added 2022/02/01 11:15 a.m.3 views

DEBIAN-CVE-2020-8562

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...

3.1CVSS6.1AI score0.01082EPSS
Exploits0References1
OSV
OSV
added 2022/02/01 11:15 a.m.3 views

UBUNTU-CVE-2020-8562

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a...

3.1CVSS6.1AI score0.01082EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/01/21 12:0 a.m.9 views

PT-2022-1903 · Hewlett Packard +1 · Hp Digital Sending +2

Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System affected versions not specified HP Print and HP Digital Sending products affected versions not specified Description: A vulnerability was found in the SourceCodester Sanitization Management System...

8.3CVSS7.7AI score0.00695EPSS
Exploits0References12
OSV
OSV
added 2021/09/23 3:15 a.m.5 views

CVE-2021-34767

A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 L2 loop in a configured VLAN, resulting in a denial of service DoS condition for that...

7.4CVSS5.8AI score0.00757EPSS
Exploits0References1
OSV
OSV
added 2021/09/06 12:15 p.m.7 views

UBUNTU-CVE-2021-25737

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

4.8CVSS6.9AI score0.01332EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/09/06 11:32 a.m.35 views

CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...

2.7CVSS5.5AI score0.01332EPSS
Exploits0References3
Veracode
Veracode
added 2021/08/23 5:8 a.m.25 views

Open Redirection

kunerbetes is vulnerable to open redirection. An authorized user is able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...

4.8CVSS2.3AI score0.01332EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/08/19 12:0 a.m.32 views

Cisco Adaptive Security Appliance Software OSPFv2 Link-Local Signaling DoS (cisco-sa-asaftd-ospflls-37Xy2q6r)

According to its self-reported version, Cisco Adaptive Security Appliance Software is affected by a vulnerability in the OSPF Version 2 OSPFv2 implementation that allows an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service DoS condition. The...

8.6CVSS7.5AI score0.01415EPSS
Exploits0References4
OSV
OSV
added 2021/07/02 3:25 p.m.9 views

SUSE-SU-2021:2239-1 Security update for crmsh

This update for crmsh fixes the following issues: Update to version 4.3.1+20210624.67223df2: - Fix: ocfs2: Skip verifying UUID for ocfs2 device on top of raid or lvm on the join node bsc1187553 - Fix: history: use Path.mkdir instead of mkdir commandbsc1179999, CVE-2020-35459 - Dev: crashtest: Add...

7.8CVSS7.7AI score0.00675EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2020/12/11 12:0 a.m.4 views

PT-2020-15009 · Fnet · Fnet

Name of the Vulnerable Software and Affected Versions: FNET versions through 4.6.4 Description: An issue was discovered in the code for processing the hostname from an LLMNR request, which doesn't check for '0' termination. This may lead to Information Disclosure in fnet llmnr poll in fnet llmnr....

9.1CVSS9AI score0.03039EPSS
Exploits0References10
Rows per page
Query Builder