Lucene search
K

27 matches found

OSV
OSV
added 2022/07/02 12:0 a.m.25 views

GHSA-H9CW-7G8J-H66H Server-Side Request Forgery in link-preview-js

The package link-preview-js before 2.1.17 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...

5.5CVSS5.9AI score0.00363EPSS
Exploits1References5
OSV
OSV
added 2022/07/01 8:15 p.m.1 views

CVE-2022-25876

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...

5.5CVSS5.9AI score0.00363EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/07/01 8:0 p.m.28 views

CVE-2022-25876 Server-side Request Forgery (SSRF)

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery SSRF which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection...

6.2CVSS6.5AI score0.00363EPSS
Exploits1References3
CVE
CVE
added 2022/07/01 8:0 p.m.75 views

CVE-2022-25876

CVE-2022-25876 affects the npm package link-preview-js prior to version 2.1.16. The vulnerability is Server-side Request Forgery (SSRF) caused by flawed DNS rebinding protection, allowing an attacker to make arbitrary requests from the vulnerable host to the local network and read responses. Affe...

6.2CVSS5.6AI score0.00363EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/03/10 11:2 p.m.8 views

OPENSUSE-SU-2022:0079-1 Security update for minidlna

This update for minidlna fixes the following issues: minidlna was updated to version 1.3.1 boo1196814 - Fixed a potential crash in SSDP request parsing. - Fixed a configure script failure on some platforms. - Protect against DNS rebinding attacks. CVE-2022-26505 - Fix an socket leakage issue on...

7.4CVSS7.6AI score0.01578EPSS
Exploits0References4
Slackware Linux
Slackware Linux
added 2020/04/15 8:47 p.m.11 views

[slackware-security] bind

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.18-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: DNS rebinding protection was ineffective wh...

6.9AI score
Exploits0
OSV
OSV
added 2020/01/28 3:15 a.m.19 views

CVE-2019-5464

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the urlblocker.rb which could result in SSRF where the library is utilized...

9.8CVSS6.5AI score
Exploits0References3
Rows per page
Query Builder