7 matches found
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the CreatePreheat process and peer-to-peer communication mechanisms. An attacker can access internal network resources by supplying crafted URLs to API endpoints or by leveraging peer requests,...
GHSA-G2RQ-JV54-WCPR Dragonfly vulnerable to server-side request forgery
Impact: There are multiple server-side request forgery (SSRF) vulnerabilities in the DragonFly2 system. The vulnerabilities enable users to force DragonFly2’s components to make requests to internal services, which otherwise are not accessible to the users. One SSRF attack vector is exposed by the...
Libreswan security vulnerability
Libreswan is an IPsec implementation similar to Openswan, primarily used to ensure the security and integrity of data in transmission. A security vulnerability exists in Libreswan that stems from libreswan's default proposal handler failing an assertion, then crashing and restarting, when...