
31 matches found

Vulnrichment
added 2026/06/12 8:56 a.m. (5 views)

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

5.2 AI score | 0.00596 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/06/12 8:56 a.m. (26 views)

CVE-2026-50628 Apache CXF: OAuth2: Inverted IP Binding Check Defeats Security Control

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

0.00596 EPSS
Exploits: 0 | References: 1
CVE
added 2026/06/12 8:56 a.m. (27 views)

CVE-2026-50628

CVE-2026-50628 concerns Apache CXF’s OAuthRequestFilter, where a logic error creates an inverted IP binding check: legitimate requests from the bound IP are rejected while requests from other IPs are allowed. Red Hat’s advisory attributes this to the OAuthRequestFilter component of CXF and notes ...

9.8 CVSS | 5.3 AI score | 0.00596 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
RedhatCVE
added 2026/06/05 7:12 p.m. (8 views)

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

9.2 CVSS | 5.5 AI score | 0.00308 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/15 3:4 a.m. (3 views)

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

9.2 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/15 3:4 a.m. (5 views)

CVE-2026-0481

Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially resulting in loss of availability...

9.2 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits: 0 | References: 1
Amd
added 2026/05/12 12:0 a.m. (10 views)

AMD Device Metrics Exporter (ROCm ecosystem) Vulnerability

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2026-0481| Unrestricted IP address binding in the AMD Device Metrics Exporter ROCm ecosystem could allow a remote attacker to perform unauthorized changes to the GPU configuration, potentially...

9.2 CVSS | 5.8 AI score | 0.00308 EPSS
Exploits: 0
CNNVD
added 2026/04/27 12:0 a.m. (10 views)

Tenda F456 Buffer Error Vulnerability

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer error vulnerability. This vulnerability stems from the operation of the parameter “page” in the goform/SetIpBind function within the httpd component, which may lead to a...

9 CVSS | 7.7 AI score | 0.00619 EPSS
Exploits: 1 | References: 1
Snyk
added 2026/02/17 5:9 p.m. (4 views)

Binding to an Unrestricted IP Address

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address via ensureChromeExtensionRelayServer. An attacker can access relay HTTP endpoints from off-host locations by passing a wildcard cdpUrl, potentially...

9.1 CVSS | 5.7 AI score | 0.00396 EPSS
Exploits: 0 | References: 2
OSV
added 2025/12/22 10:16 p.m. (4 views)

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

9.3 CVSS | 5.8 AI score
Exploits: 0 | References: 5
NVD
added 2025/12/22 10:16 p.m. (2 views)

CVE-2023-53968

Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts...

9.8 CVSS | 0.00555 EPSS
Exploits: 2 | References: 5
CVE
added 2025/12/22 9:35 p.m. (13 views)

CVE-2023-53968

Affected product: Screen SFT DAB 600/C firmware 1.9.3. Vulnerability: session management flaw that binds sessions to IP addresses, enabling authentication bypass. An attacker can reuse the same IP to issue unauthorized requests to the userManager API and remove user accounts without proper authen...

9.8 CVSS | 6.6 AI score | 0.00555 EPSS
Exploits: 2 | References: 5 | Affected Software: 1
CVE
added 2025/12/16 3:11 p.m. (15 views)

CVE-2025-62329

HCL DevOps Deploy / HCL Launch are affected by a race condition in the HTTP session client-IP binding enforcement, which may allow a session to be briefly reused from a new IP address before invalidation. This could lead to unauthorized access under certain network conditions. Affected products a...

5.6 CVSS | 6.2 AI score | 0.0016 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2025/12/15 8:15 p.m. (4 views)

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5 CVSS | 5.7 AI score | 0.00159 EPSS
Exploits: 0 | References: 1
NVD
added 2025/12/15 8:15 p.m. (3 views)

CVE-2025-36360

IBM UCD - IBM UrbanCode Deploy 7.1 through 7.1.2.27, 7.2 through 7.2.3.20, and 7.3 through 7.3.2.15 and IBM UCD - IBM DevOps Deploy 8.0 through 8.0.1.10, and 8.1 through 8.1.2.3 is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefl...

5 CVSS | 0.00159 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/12/15 12:0 a.m. (2 views)

IBM UrbanCode Deploy (IBM UCD) and IBM DevOps Deploy Code Issue Vulnerability

IBM UrbanCode Deploy (IBM UCD) and IBM DevOps Deploy are both products of International Business Machines (IBM). IBM UrbanCode Deploy is a suite of application automation deployment tools. The tool is based on an application deployment automation management information model, and through remote agent...

5 CVSS | 6.6 AI score | 0.00159 EPSS
Exploits: 0 | References: 2
Snyk
added 2025/11/13 6:31 p.m. (4 views)

Binding to an Unrestricted IP Address

Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol JDWP port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...

7.6 CVSS | 7.8 AI score | 0.00456 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/24 10:38 p.m. (8 views)

CVE-2025-61934

A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and folders on the...

10 CVSS | 7.2 AI score | 0.00605 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/23 10:1 p.m. (40 views)

CVE-2025-61934

CVE-2025-61934 affects AutomationDirect Productivity Suite, version v4.4.1.19. A vulnerability described as a binding to an unrestricted IP address allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read, write, or delete arbitrary files and fold...

10 CVSS | 6.9 AI score | 0.00605 EPSS
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2020-19114

Malware in sbrugna...

5.9 CVSS | 6 AI score | 0.00841 EPSS
Exploits: 1 | References: 2