SUSE CVE-2026-46527
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when the server has called Server::set_trusted_proxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...
CVE-2021-47791 SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service
SmartFTP Client 10.0.2909.0 contains multiple denial of service vulnerabilities that allow attackers to crash the application through specific input manipulation. Attackers can trigger crashes by entering malformed paths, using invalid IP addresses, or clearing connection history in the client's...
EUVD-2017-15223
Malware in sbrugna...
EUVD-2017-15039
Malware in sbrugna...
EUVD-2011-0403
Malware in sbrugna...
EUVD-2012-5928
Malware in sbrugna...
EUVD-2023-31824
Malicious code in bioql PyPI...
EUVD-2022-53416
Malicious code in bioql PyPI...
CVE-2023-28099
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All user...
BIT-NODE-MIN-2022-32212
An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests allowing rebinding attacks...
CVE-2023-28099 OpenSIPS has vulnerability in the ds_is_in_list() function
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if ds_is_in_list() is used with an invalid IP address string (NULL is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All user...
SUSE CVE-2017-5970
The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options...
SUSE CVE-2022-32212
An OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests allowing rebinding attacks...
AZL-11577 CVE-2022-43548 affecting package nodejs for versions less than 16.18.1-2
An OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests allowing rebinding attacks.Th...
nodejs: DNS rebinding in --inspect via invalid IP addresses
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance, 10.0.2.555), browsers such as Firefox will make DNS requests ...
Node.js: DNS rebinding in --inspect (again) via invalid IP addresses
A vulnerability was discovered in the Node.js debugger that allowed an attacker to gain access to the debugger and potentially execute remote code. This was possible due to a flaw in the IsAllowedHost check, which did not properly validate invalid IP addresses, allowing for DNS rebinding attacks...
Unable to use TLS/SSL LDAP Auth after ADM upgrade to latest build 13.0-71.40 - TLS Handshake fails with "Unknown CA"
After upgrading ADM to the latest build 13.0-71.40, External Authentication fails when the LDAP Server is configured using Security type SSL and TLS. Retrieving Attributes on the LDAP Server config from the ADM GUI throws this error: "LDAP IP Address or Port Number provided is invalid." Network trace shows...