4134 matches found
U.S. Dept Of Defense: SSRF in login page using fetch API exposes victim's IP address to attacker-controlled server
Note: This is similar to my last report 991163. Summary: Server Side Request Forgery exposes the victim's IP address to an external server, which made it possible for an attacker to determine the physical location of the victim with IP tracing. Description: Server Side Request Forgery is the critical vulnerability...
UBUNTU-CVE-2020-15669
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 68.12 and...
EulerOS Virtualization for ARM 64 3.0.6.0 : perl-File-Fetch (EulerOS-SA-2020-2022)
According to the version of the perl-File-Fetch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that perl can load modules from the current directory if not found in the module directories, via th...
Huawei EulerOS: Security Advisory for perl-File-Fetch (EulerOS-SA-2020-2022)
The remote host is missing an update for the Huawei EulerOS...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-15095)
Summary: Security vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-15095). Vulnerability Details: Third Party Entry: 184667. DESCRIPTION: Node.js npm-registry-fetch module information disclosure. CVSS Base score: 7.5. CVSS Temporal Score: See:...
CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
Arbitrary Code Execution
mutt is vulnerable to arbitrary code execution. The vulnerability exists through a stack-based buffer overflow in imap/message.c through a FETCH response with a long INTERNALDATE field...
Information Disclosure
chromium-browser is vulnerable to information disclosure. The vulnerability exists in the fetch API of the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
Arbitrary Code Execution
mutt is vulnerable to arbitrary code execution. The vulnerability exists through a stack-based buffer overflow during a FETCH response with a long RFC822 SIZE field...
Information Disclosure
firefox is vulnerable to information disclosure. When a Web Extension contains the all-urls permission and performs a fetch request with mode set to same-origin, an attacker will be able to read local files...
DEBIAN-CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference...
Denial Of Service (DoS)
node-fetch is vulnerable to denial of service. The size option is not honored after following a redirect, so when a content size is over the limit no FetchError is thrown and the process ends without failure...
DEBIAN-CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
UBUNTU-CVE-2020-15168
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
Design/Logic Flaw
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...
CVE-2020-15168 File size limit bypass in node-fetch
node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no...