Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2025/12/09 10:26 p.m.6 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS5.9AI score0.00447EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/11/19 8:16 a.m.4 views

python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS5.9AI score0.00447EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/12 4:35 p.m.9 views

CVE-2025-59088 Python-kdcproxy: unauthenticated ssrf via realm‑controlled dns srv

If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...

8.6CVSS0.00447EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2021/10/26 2:15 p.m.3 views

CVE-2021-41158

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...

7.5CVSS7.2AI score0.00799EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder