EUVD-2022-3560

Malicious code in bioql PyPI...

Security Bulletin: IBM App Connect Enterprise Certified Container operands have unnecessary external access [CVE-2022-43916]

Summary Some of the IBM App Connect Enterprise Certified Container Pods in a deployed environment have unnecessary external network access. This bulletin provides patch information to address the network access. CVE-2022-43916 Vulnerability Details CVEID:CVE-2022-43916 DESCRIPTION: IBM App Connec...

GHSA-5Q9X-554G-9JGG SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)

SurrealDB offers http functions that can access external network endpoints. A typical, albeit not recommended configuration would be to start SurrealDB with all network connections allowed with the exception of a deny list. For example, surreal start --allow-net --deny-net 10.0.0.0/8 will allow a...

CVE-2024-22315

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...

CVE-2024-22315

IBM Fusion and IBM Fusion HCI 2.3.0 through 2.8.2 is vulnerable to insecure network connection by allowing an attacker who gains access to a Fusion container to establish an external network connection...

PT-2024-10439 · Ibm · Ibm Fusion Hci +1

Name of the Vulnerable Software and Affected Versions: IBM Fusion and IBM Fusion HCI versions 2.3.0 through 2.8.2 Description: The issue is related to insufficient restriction of the communication channel for given endpoints, which may allow an attacker to gain unauthorized access to protected...

CVE-2021-33190

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

Spoofing

In Weidmüller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this vulnerability the device may be manipulated or the operation may be stopped...

Elasticsearch ESA-2018-19

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learnings findfilestructure API. If a policy allowing external network access has been added to Elasticsearchs Java Security Manager then an attacker could send a specially crafted request capable of leaking content of...

SuperMicro IPMI 4 9 1 5 2 port password leak vulnerability-vulnerability warning-the black bar safety net

2014.06.20 SuperMicro IPMI 4 9 1 5 2 port password leak vulnerability is the foreign media communications http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/）,the spirit of the vulnerability of the curious, this article on the...

vino: vino-preferences incorrectly indicates that computer is only reachable over local network

Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks...

LinkSys Wireless-G administrative access

Web administration interface is available from external network even if turned off administratively...