
1422 matches found

CNNVD
added 2020/12/21 12:0 a.m., 2 views

IBM Loopback Security Vulnerability

IBM Loopback is a Node.js-based API framework from IBM (U.S.). The framework lets Node.js applications interact with most major databases, iOS, Android and other devices, data sources, and configuration sources. Loopback version 8.0.0 suffers from an injection vulnerability that allows an attacke...

9.8 CVSS, 7.2 AI score, 0.00615 EPSS
Exploits: 0, References: 2
ATTACKERKB
added 2020/12/18 12:0 a.m., 3 views

CVE-2020-4988

Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute JavaScript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...

9.8 CVSS, 7.8 AI score, 0.00615 EPSS
Exploits: 0, References: 2, Affected Software: 1
Packet Storm
added 2020/10/19 12:0 a.m., 655 views

FRITZ!Box 7.20 DNS Rebinding Protection Bypass

Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism. Details ======= Product:...

0.2 AI score, 0.00324 EPSS
Exploits: 4
NVD
added 2020/10/02 9:15 p.m., 13 views

CVE-2020-15233

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback...

6.1 CVSS, 0.00255 EPSS
Exploits: 0, References: 2
Prion
added 2020/10/02 9:15 p.m., 20 views

Design/Logic Flaw

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback...

4.9 CVSS, 5 AI score, 0.00255 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2020/10/02 8:40 p.m., 12 views

CVE-2020-15233 OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback...

6.1 CVSS, 6.2 AI score, 0.00255 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2020/10/01 12:0 a.m., 1 views

PT-2020-5861

Name of the Vulnerable Software and Affected Versions: Coturn versions prior to 4.5.2 Description: The issue is related to incorrect input validation in Coturn, a free open source implementation of TURN and STUN Server. By sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a...

9.8 CVSS, 5.2 AI score, 0.01772 EPSS
Exploits: 4, References: 38
Microsoft CVE
added 2020/09/25 7:0 a.m., 3 views

Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode.

...

8.8 CVSS, 7 AI score, 0.00466 EPSS
Exploits: 1
Tenable Nessus
added 2020/09/04 12:0 a.m., 23 views

FreeBSD : FreeBSD -- IPv6 Hop-by-Hop options use-after-free bug (74bbde13-ec17-11ea-88f8-901b0ef719ab)

Due to improper mbuf handling in the kernel, a use-after-free bug might be triggered by sending IPv6 Hop-by-Hop options over the loopback interface. Impact : Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic. C Tenable Network Security, Inc...

5.5 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0, References: 2
Veracode
added 2020/09/03 3:26 a.m., 9 views

Information Disclosure

loopback is vulnerable to information disclosure. Invalid API requests to the login endpoint may return information about the first user in the database...

2 AI score
Exploits: 0
vulnersOsv
added 2020/09/02 9:49 p.m., 2 views

@cc_server/api (>=1.4.0 <=1.7.0), agneta-platform (>=0.13.0-beta.1 <=0.13.0-beta.9) +7 more potentially affected by unknown CVE via loopback (>=3.11.1 <=3.23.0)

loopback NPM version =3.11.1, =1.4.0, =0.13.0-beta.1, =0.0.5, =0.0.39 Source cves: unknown CVE Source advisory: OSV:GHSA-724C-6VRF-99RQ...

5.8 AI score
Exploits: 0
OSV
added 2020/09/02 9:49 p.m., 6 views

GHSA-724C-6VRF-99RQ Sensitive Data Exposure in loopback

Versions of loopback prior to 3.26.0 3.x and 2.42.0 2.x are vulnerable to Sensitive Data Exposure. Invalid API requests to the login endpoint may return information about the first user in the database. This can be used alongside other attacks for credential theft. Recommendation If you're using...

6.8 AI score
Exploits: 0, References: 4
Github Security Blog
added 2020/09/02 9:49 p.m., 26 views

Sensitive Data Exposure in loopback

Versions of loopback prior to 3.26.0 3.x and 2.42.0 2.x are vulnerable to Sensitive Data Exposure. Invalid API requests to the login endpoint may return information about the first user in the database. This can be used alongside other attacks for credential theft. Recommendation If you're using...

3.5 AI score
Exploits: 0, References: 4, Affected Software: 1
vulnersOsv
added 2020/09/02 3:54 p.m., 2 views

agneta-platform (>=0.13.0-beta.1 <=0.13.0-beta.9), that-loopback-library (>=0.0.5 <=0.0.39) potentially affected by unknown CVE via loopback (>=3.11.1 <=3.18.2)

loopback NPM version =3.11.1, =0.13.0-beta.1, =0.0.5, =0.0.39 Source cves: unknown CVE Source advisory: OSV:GHSA-8WGC-JJVV-CV6V...

5.8 AI score
Exploits: 0
OSV
added 2020/09/02 3:54 p.m., 6 views

GHSA-8WGC-JJVV-CV6V Improper Authorization in loopback

Vulnerable versions of loopback may allow attackers to create Authentication Tokens on behalf of other users due to Improper Authorization. If the AccessToken model is publicly exposed, an attacker can create Authorization Tokens for any user as long as they know the target's userId. This will...

7.2 AI score
Exploits: 0, References: 4
Github Security Blog
added 2020/09/02 3:54 p.m., 22 views

Improper Authorization in loopback

Vulnerable versions of loopback may allow attackers to create Authentication Tokens on behalf of other users due to Improper Authorization. If the AccessToken model is publicly exposed, an attacker can create Authorization Tokens for any user as long as they know the target's userId. This will...

5.5 AI score
Exploits: 0, References: 5, Affected Software: 1
Github Security Blog
added 2020/09/02 3:52 p.m., 28 views

NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...

4.6 AI score
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/09/02 3:52 p.m., 10 views

GHSA-HXWC-5VW9-2W4W NoSQL Injection in loopback-connector-mongodb

Versions of loopback-connector-mongodb prior to 3.6.0 are vulnerable to NoSQL Injection. Filters passed to the database query are not properly sanitized which leads to execution of code on the database driver and data leak. Recommendation Upgrade to version 3.6.0 or later...

7.4 AI score
Exploits: 0, References: 3
FreeBSD
added 2020/09/02 12:0 a.m., 25 views

FreeBSD -- IPv6 Hop-by-Hop options use-after-free bug

Problem Description: Due to improper mbuf handling in the kernel, a use-after-free bug might be triggered by sending IPv6 Hop-by-Hop options over the loopback interface. Impact: Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic...

5.5 CVSS, 0.7 AI score, 0.00051 EPSS
Exploits: 0
AlpineLinux
added 2020/06/04 9:50 p.m., 37 views

CVE-2020-8555

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...

6.3 CVSS, 5.5 AI score, 0.08633 EPSS
Exploits: 0