132 matches found
ALPINE-CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...
UBUNTU-CVE-2022-43548
A OS Command Injection vulnerability exists in Node.js versions 14.21.1, 16.18.1, 18.12.1, 19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Th...
nodejs: DNS rebinding in --inspect via invalid IP addresses
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2018-7160 DESCRIPTION: Node.js...
nodejs: DNS rebinding in --inspect via invalid IP addresses
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...
nodejs: DNS rebinding in --inspect via invalid IP addresses
A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided for instance, 10.0.2.555 is provided, browsers such as Firefox will make DNS requests ...
CVE-2022-31149 ActivityWatch vulnerable to DNS rebinding attack
ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a...
ActivityWatch 安全漏洞
ActivityWatch is a free and open source automated time tracker from ActivityWatch Open Source. A security vulnerability exists in versions of ActivityWatch prior to 0.12.0b2 that stems from vulnerability to DNS rebinding attacks, which can be exploited by an attacker to...
PT-2022-20564 · Unknown · Activitywatch
Name of the Vulnerable Software and Affected Versions: ActivityWatch versions prior to 0.12.0b2 Description: The issue allows attackers to perform DNS rebinding attacks, giving them full access to the ActivityWatch REST API. This impacts all users running the affected versions of ActivityWatch...
F5 Networks BIG-IP : BIG-IP APM Edge Client proxy vulnerability (K30525503)
The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.5 / 15.1.5.1 / 16.1.2.2. It is, therefore, affected by a vulnerability as referenced in the K30525503 advisory. - In all versions before 7.2.1.4, when proxy settings are configured in the network access...
ALPINE-CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...
DEBIAN-CVE-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
Withdrawn Advisory This advisory has been withdrawn because this vulnerability affects inspector code in https://github.com/nodejs/node, not the legacy debugger at https://github.com/node-inspector/node-inspector. https://github.com/nodejs/node is not in a supported ecosystem. Original Descriptio...
CVE-2022-23032
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support EoTS are not...
CVE-2022-23032
CVE-2022-23032 affects BIG-IP APM Edge Client proxy handling. Concrete details from connected docs: in all versions prior to 7.2.1.4, if proxy settings are configured in the network access resource, BIG-IP Edge Client for Mac and Windows is vulnerable to a DNS rebinding attack that can expose pro...
F5 BIG-IP APM 访问控制错误漏洞
F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM suffers from an Access Control Error vulnerability that arises from a connection to the BIG-IP Edge Client on Mac and Windows wh...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14548-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14548-1 advisory. - Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption vi...
USN-4796-1: Node.js vulnerabilities
Alexander Minozhenko and James Bunton discovered that Node.js did not properly handle wildcards in name fields of X.509 TLS certificates. An attacker could use this vulnerability to execute a machine-in-the-middle- attack. This issue only affected Ubuntu 14.04 ESM and 16.04 ESM. CVE-2016-7099 It...
Oracle Linux 6 : firefox (ELSA-2020-5257)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5257 advisory. 78.5.0-1.0.1 - Fix LDLIBRARYPATH - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one 78.5.0-1 - Update to 78.5.0 build1...
Important: thunderbird
Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...