CVE-2022-47909 LQL Injection in Livestatus HTTP headers

Livestatus Query Language LQL injection in the AuthUser HTTP query header of Tribe29's Checkmk = 2.1.0p11, Checkmk = 2.0.0p28, and all versions of Checkmk 1.6.0 EOL allows an attacker to perform direct queries to the application's core from localhost...

PT-2023-15524 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions 1.6.0 through 2.1.0p11 Checkmk versions 2.0.0 through 2.0.0p28 Description: The issue allows an attacker to perform direct queries to the application's core from localhost by injecting Livestatus Query Language LQL in the...

SUSE CVE-1999-0195

Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1...

SUSE CVE-2004-0789

Multiple implementations of the DNS protocol, including 1 Poslib 1.0.2-1 and earlier as used by Posadis, 2 Axis Network products before firmware 3.13, and 3 Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service CPU and network bandwidth...

SUSE CVE-2007-3278

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

SUSE CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

SUSE CVE-2008-3104

Multiple unspecified vulnerabilities in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.218, and SDK and JRE 1.3.x before 1.3.123 allow remote attackers to violate the security model for an applet's outbound...

SUSE CVE-2008-5345

Unspecified vulnerability in Java Runtime Environment JRE with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make...

SUSE CVE-2009-1104

The Java Plug-in in Java SE Development Kit JDK and Java Runtime Environment JRE 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.219 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted...

SUSE CVE-2012-6094

cups Common Unix Printing System 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system...

SUSE CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

SUSE CVE-2017-18190

A localhost.localdomain whitelist entry in validhost in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS serve...

SUSE CVE-2018-1099

DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost or any other address...

SUSE CVE-2018-5704

Open On-Chip Debugger OpenOCD 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

SUSE CVE-2018-7160

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...

SUSE CVE-2018-10857

git-annex is vulnerable to a private data exposure and exfiltration attack. It could expose the content of files located outside the git-annex repository, or content from a private web server on localhost or the LAN...

SUSE CVE-2018-12120

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...

SUSE CVE-2018-17452

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery SSRF via a loopback address to the validatelocalhost function in urlblocker.rb...

SUSE CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

SUSE CVE-2018-18506

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration PAC file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is...