Linux Distros Unpatched Vulnerability : CVE-2018-17452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request...
Linux Distros Unpatched Vulnerability : CVE-2019-19241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is relat...
CVE-2023-7060
Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 or the destination address...
Configure the nftables Policies for Loopback Properly
The loopback address 127.0.0.0/8 is a special address on a server. It is irrelevant to NICs and is mainly used for the inter-process communication of a local device. Packets with the source address 127.0.0.0/8 from NICs should be discarded. If policies related to the loopback address are improper...
Server-Side Request Forgery (SSRF)
github.com/imgproxy/imgproxy is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper restriction of loopback addresses, allowing access to local services by not blocking the 0.0.0.0 address even when IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES is set to false...
GHSA-J2HP-6M75-V4J4 imgproxy is vulnerable to SSRF against 0.0.0.0
Summary: imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. Details: imgproxy protects against SSRF against a loopback address with the following check (source): if !config.AllowLoopbackSourceAddresses ...
Keycloak: Vulnerable Redirect URI Validation Results in Open Redirect
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
GHSA-W8GR-XWP4-R9F7 Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost/ or http://127.0.0.1/, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
Local Host Access Bypass
Directus is vulnerable to a Local Host Access Bypass. The vulnerability is due to improper filtering of loopback addresses, where only 127.0.0.1 is blocked, but other 127.X.X.X addresses can bypass restrictions, allowing an attacker to gain unauthorized access to local services...
Keycloak: Vulnerable Redirect URI Validation Results in Open Redirect
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
GHSA-68G8-C275-XF2M Directus vulnerable to SSRF Loopback IP filter bypass
Impact: If you're relying on blocking access to localhost using the default 0.0.0.0 filter, this can be bypassed using other registered loopback devices like 127.0.0.2 - 127.127.127.127. Workaround: You can block this bypass by manually adding the 127.0.0.0/8 CIDR range, which will block access to any...
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Moby is an open source container framework originally developed by Docker Inc. as Docker. It is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. As a batteries-included container runtime, Moby comes with a built-in networking implementati...
PT-2024-15189 · Zephyr Os · Zephyr Os
Name of the Vulnerable Software and Affected Versions: Zephyr OS affected versions not specified Description: The issue concerns the handling of IP packets in Zephyr OS. Specifically, it does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.0.1 o...
CLSA-2023-1686586528 Fix CVE(s): CVE-2020-1938, CVE-2022-42252
SECURITY UPDATE: Apache Tomcat request smuggling - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected. - CVE-2022-42252 SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution - debian/patches/CVE-2020-1938.patch: Add new AJP...
CVE-2022-29840
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This...
CVE-2018-17452
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb...
Server-Side Request Forgery (SSRF)
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb...
UBUNTU-CVE-2018-17452
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb...
GitLab Code Issue Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab, which stems from a server-side reque...
PT-2023-10699 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7; GitLab Community and Enterprise Edition versions 11.2.0 through 11.2.4; GitLab Community and Enterprise Edition versions 11.3.0 through 11.3.1. Description: An issue was...