Lucene search
K

111 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:31 a.m.3 views

SUSE CVE-2018-5814

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets...

5.3CVSS9.3AI score0.0038EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2022/04/21 12:0 a.m.10 views

Slackware: Security Advisory (SSA:2020-106-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OSV
OSV
added 2022/02/10 10:38 p.m.6 views

GHSA-FFM7-7R8G-77XM Apache CXF JMX Integration is vulnerable to a MITM attack

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the createMBServerConnectorFactory property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An attack...

5.3CVSS7.1AI score0.06147EPSS
Exploits0References8
OSV
OSV
added 2021/11/23 6:18 p.m.14 views

GHSA-MCXR-FX5F-96QQ Server-Side Request Forgery in Concrete CMS

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS5.4AI score0.00831EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/11/23 6:18 p.m.47 views

Server-Side Request Forgery in Concrete CMS

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS4.3AI score0.00831EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2021/11/19 7:15 p.m.47 views

CVE-2021-22969

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS0.00831EPSS
Exploits0References2
OSV
OSV
added 2021/11/19 7:15 p.m.4 views

CVE-2021-22969

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5.3CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2021/11/19 7:15 p.m.17 views

Design/Logic Flaw

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

5CVSS5.2AI score0.00831EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/11/19 6:8 p.m.54 views

CVE-2021-22969

Concrete CMS formerly concrete5 versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS ex AWS IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading...

6AI score0.00831EPSS
Exploits0References2
CVE
CVE
added 2021/11/19 6:8 p.m.75 views

CVE-2021-22969

CVE-2021-22969 affects Concrete CMS (formerly concrete5) versions below 8.5.7. The vulnerability is a Server-Side Request Forgery (SSRF) mitigation bypass via a DNS Rebind attack, enabling an attacker to access cloud IAM keys (e.g., AWS) by fetching credentials. The root cause is SSRF mitigation ...

5.3CVSS5.5AI score0.00831EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2021/10/13 1:27 p.m.34 views

Concrete CMS: SSRF mitigation bypass using DNS Rebind attack

We noticed that the upload functionality contains the ability to upload files from remote server, however there are some mitigations against accessing the AWS Instance Metadata service. We've managed to bypass these mitigations using DNS rebinding and we've managed to fetch the AWS IAM keys when...

5CVSS5.7AI score0.00831EPSS
Exploits0
Oracle linux
Oracle linux
added 2021/06/15 12:0 a.m.44 views

gupnp security update

1.0.2-6 + gupnp-1.0.3-3 - Fix DNS rebind issue - Resolves: 1964706...

8.1CVSS1.2AI score0.01084EPSS
Exploits0
Oracle linux
Oracle linux
added 2021/06/10 12:0 a.m.33 views

gupnp security update

1.0.6-2 + gupnp-1.0.6-2 - Fix DNS rebind issue - Resolves: 1964710...

8.1CVSS1.2AI score0.01084EPSS
Exploits0
OSV
OSV
added 2021/05/21 7:20 p.m.25 views

GHSA-HFG5-XPVW-C9X4 Improper Input Validation in Apache Camel

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel users should upgrade to 3.2.0...

7.5CVSS8.3AI score0.14331EPSS
Exploits0References19
Github Security Blog
Github Security Blog
added 2021/05/21 7:20 p.m.86 views

Improper Input Validation in Apache Camel

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel users should upgrade to 3.2.0...

7.5CVSS4.3AI score0.14331EPSS
Exploits0References19Affected Software3
NVD
NVD
added 2021/04/25 7:15 p.m.22 views

CVE-2021-31718

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server including UPnP SOAP and GENA endpoints, leading to remote code execution...

8.8CVSS0.00956EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2021/04/22 12:0 a.m.24 views

lipupnp < 1.14.6 DNS Rebind Vulnerability (GHSA-6hqq-w3jq-9fhg)

libupnp is prone to a DNS rebind vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.5AI score0.00627EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/01 11:8 a.m.33 views

Security Bulletin: IBM Network Performance Insight 1.3.1 affected by Apache Cassandra vulnerability (CVE-2020-13946)

Summary IBM Network Performance Insight 1.3.1 affected by Apache Cassandra vulnerability CVE-2020-13946 Vulnerability Details CVEID: CVE-2020-13946 DESCRIPTION: Apache Cassandra is vulnerable to a man-in-the-middle attack, caused by a RMI rebind vulnerability. By manipulating the RMI registry, an...

5.9CVSS1AI score0.02951EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/09/10 7:15 p.m.2 views

DEBIAN-CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS6.8AI score0.04561EPSS
Exploits0References1
OSV
OSV
added 2020/09/10 7:15 p.m.4 views

UBUNTU-CVE-2020-13920

Apache ActiveMQ uses LocateRegistry.createRegistry to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to...

5.9CVSS6.8AI score0.04561EPSS
Exploits0References4
Rows per page
Query Builder