Lucene search
K

132 matches found

OSV
OSV
added 2022/12/05 10:15 p.m.2 views

ALPINE-CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS7.3AI score0.14024EPSS
Exploits0References1
OSV
OSV
added 2022/12/05 10:15 p.m.2 views

UBUNTU-CVE-2022-43548

A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...

8.1CVSS6.8AI score0.14024EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/09/20 12:27 p.m.5 views

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

8.1CVSS7.7AI score0.05614EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/15 7:20 p.m.70 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-7160 DESCRIPTION: Node.js...

8.8CVSS7.8AI score0.10782EPSS
Exploits0Affected Software5
RedHat Linux
RedHat Linux
added 2022/09/13 9:59 a.m.5 views

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

8.1CVSS7.7AI score0.05614EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/09/08 7:45 a.m.3 views

nodejs: DNS rebinding in --inspect via invalid IP addresses

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...

8.1CVSS7.7AI score0.05614EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/09/07 1:50 p.m.7 views

CVE-2022-31149 ActivityWatch vulnerable to DNS rebinding attack

ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a...

8.8CVSS9.4AI score0.00964EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/07 12:0 a.m.4 views

ActivityWatch 安全漏洞

ActivityWatch is a free and open source automated time tracker from ActivityWatch Open Source. A security vulnerability exists in versions of ActivityWatch prior to 0.12.0b2 that stems from vulnerability to DNS rebinding attacks, which can be exploited by an attacker to...

9.6CVSS8.2AI score0.00964EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.4 views

PT-2022-20564 · Unknown · Activitywatch

Name of the Vulnerable Software and Affected Versions: ActivityWatch versions prior to 0.12.0b2 Description: The issue allows attackers to perform DNS rebinding attacks, giving them full access to the ActivityWatch REST API. This impacts all users running the affected versions of ActivityWatch...

9.6CVSS9.2AI score0.00964EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2022/07/22 12:0 a.m.31 views

F5 Networks BIG-IP : BIG-IP APM Edge Client proxy vulnerability (K30525503)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5.1 / 16.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K30525503 advisory. - In all versions before 7.2.1.4, when proxy settings are configured in the network access...

5.3CVSS5.8AI score0.00404EPSS
Exploits0References2
OSV
OSV
added 2022/07/14 3:15 p.m.3 views

ALPINE-CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...

8.1CVSS7.2AI score0.05614EPSS
Exploits0References1
OSV
OSV
added 2022/07/14 3:15 p.m.1 views

DEBIAN-CVE-2022-32212

A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...

8.1CVSS6.6AI score0.05614EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:8 a.m.66 views

Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding

Withdrawn Advisory This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem. Original Descriptio...

8.8CVSS8.5AI score0.09916EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/25 8:15 p.m.5 views

CVE-2022-23032

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support EoTS are not...

5.3CVSS5.8AI score0.00404EPSS
Exploits0References2
CVE
CVE
added 2022/01/25 7:11 p.m.137 views

CVE-2022-23032

CVE-2022-23032 affects BIG-IP APM Edge Client proxy handling. Concrete details from connected docs: in all versions prior to 7.2.1.4, if proxy settings are configured in the network access resource, BIG-IP Edge Client for Mac and Windows is vulnerable to a DNS rebinding attack that can expose pro...

5.3CVSS5.6AI score0.00404EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.10 views

F5 BIG-IP APM 访问控制错误漏洞

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM suffers from an Access Control Error vulnerability that arises from a connection to the BIG-IP Edge Client on Mac and Windows wh...

5.3CVSS5.8AI score0.00404EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/06/10 12:0 a.m.377 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14548-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14548-1 advisory. - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption vi...

9.6CVSS8.6AI score0.5063EPSS
Exploits3References26
Ubuntu
Ubuntu
added 2021/03/15 9:18 p.m.116 views

USN-4796-1: Node.js vulnerabilities

Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...

8.8CVSS7.6AI score0.41288EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2021/02/04 12:0 a.m.73 views

Oracle Linux 6 : firefox (ELSA-2020-5257)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5257 advisory. 78.5.0-1.0.1 - Fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 78.5.0-1 - Update to 78.5.0 build1...

9.3CVSS7.4AI score0.0247EPSS
Exploits1References11
Amazon
Amazon
added 2021/01/07 12:0 a.m.89 views

Important: thunderbird

Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...

9.3CVSS9.1AI score0.0247EPSS
Exploits1
Rows per page
Query Builder