Lucene search
K

11 matches found

RedHat Linux
RedHat Linux
added 2021/11/09 6:32 p.m.10 views

python-ipaddress: Improper input validation of octal strings

A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...

9.8CVSS6.9AI score0.06827EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/11/09 5:54 p.m.5 views

python-ipaddress: Improper input validation of octal strings

A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...

9.8CVSS6.9AI score0.06827EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/08/24 12:50 p.m.5 views

python-ipaddress: Improper input validation of octal strings

A flaw was found in python-ipaddress. Improper input validation of octal strings in stdlib ipaddress allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on Python stdlib ipaddress. The highest threat from this vulnerability is to...

9.8CVSS6.9AI score0.06827EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2021/08/24 12:0 a.m.155 views

RHEL 7 : rh-python38 (RHSA-2021:3254)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3254 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.8CVSS8AI score0.35963EPSS
Exploits12References35
OSV
OSV
added 2021/06/01 11:56 a.m.7 views

USN-4973-1 python3.8 vulnerability

It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions...

9.8CVSS6.9AI score0.06827EPSS
Exploits1References2
Prion
Prion
added 2021/04/01 1:15 p.m.20 views

Input validation

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs...

6.4CVSS7AI score0.16356EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2021/04/01 12:33 p.m.160 views

CVE-2021-28918

CVE-2021-28918 affects the Node.js netmask module (v1.0.6 and earlier). The vulnerability is due to improper handling of mixed-format IP addresses, allowing a remote attacker to perform SSRF, RFI, and LFI via specially crafted octal literals and reach internal VPNs, LANs, intranets, or adjacent h...

9.1CVSS7AI score0.16356EPSS
Exploits1References7Affected Software1
Malwarebytes
Malwarebytes
added 2021/03/31 12:28 p.m.57 views

The npm netmask vulnerability explained so you can actually understand it

The popular npm netmask library recently encountered a serious problem, explained as follows: The npm netmask package incorrectly evaluates individual ipv4 octets that contain octal strings as left-stripped integers, leading to an inordinate attack surface on hundreds of thousands of projects tha...

6.4CVSS7.5AI score0.16356EPSS
Exploits1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)

No description provided by source. $Id: ms07029msdnszonename.rb 9929 2010-07-25 21:37:54Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

7.1AI score
Exploits0
Metasploit
Metasploit
added 2010/07/25 9:37 p.m.39 views

MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)

This module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This modul...

10CVSS0.2AI score0.79128EPSS
Exploits17
Metasploit
Metasploit
added 2010/07/25 9:37 p.m.43 views

MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (TCP)

This module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This modul...

10CVSS7.3AI score0.79128EPSS
Exploits17
Rows per page
Query Builder