8 matches found
Exposure of Resource to Wrong Sphere
Overview: Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the --addr-pool option when a subnet mask is not specified. An attacker can gain unauthorized access by connecting from any IPv4 address, bypassing intended IP-based access restrictions...
CVE-2024-39516
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued...
Vulnerabilities in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177)
OpenPrinting CUPS is the most current version of CUPS, a standards-based, open source printing system for Linux® and other Unix®-like operating systems. Several security vulnerabilities have been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit...
GHSA-PMRX-695R-4349 dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary: Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address. This...
The vulnerability of the Avira Phantom VPN client—a security solution for Cisco Secure Client endpoints (formerly known as Cisco AnyConnect Secure Mobility Client)—allows a perpetrator to gain access to internal network traffic from any IP address.
The vulnerability of the Avira Phantom VPN client, a security solution for Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client), relates to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to internal network...
CVE-2022-24073
The Web Request API in Whale browser before 3.12.129.18 allowed denying access to the extension store or redirecting to any URL when users access the store...
grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL
An SSRF incorrect access control vulnerability was found in Grafana regarding the avatar feature, allowing any unauthenticated user or client to make Grafana send HTTP requests to any URL and then return its result to the user or client. Additionally, the same issue can create a NULL pointer...
D-LINK Central WifiManager CWM-100 Server-Side Request Forgery Vulnerability
D-LINK Central WifiManager CWM-100 is D-LINK's centralized wireless management software. The MailConnect feature on the D-Link Central WiFiManager CWM-100 1.03 r0098 device is used to check connections to SMTP servers, but actually allows outbound TCP to any port on any IP address, resulting in SSR...