129 matches found
DNS Rebinding Attack
Firefox is vulnerable to a DNS rebinding attack. The vulnerability exists because DNS over HTTPS intentionally filters RFC1918 and related IP ranges from the responses, as these do not make sense coming from a DoH resolver, and when an IPv4 address was mapped through IPv6...
Debian DLA-2457-1 : firefox-esr security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack. For Debian 9 stretch, these problems have been fixed in version...
[SECURITY] [DLA 2457-1] firefox-esr security update
Debian LTS Advisory DLA-2457-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 19, 2020 https://wiki.debian.org/LTS -...
Updated firefox and nss packages fix security vulnerabilities
When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timing side-channel...
CVE-2020-26961
When DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped through IPv6, these addresses were erroneously let through, leading to a potential DNS Rebinding...
The vulnerability of the BIND DNS server’s forwarding directive configuration allows an attacker to perform a DNS Rebinding attack.
The vulnerability of the Forwarders directive configuration of the DNS BIND server is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker operating remotely to carry out a DNS Rebinding type attack...
The vulnerability of the web interface of the firmware for the Technicolor TC7230 allows an attacker to perform a DNS Rebinding attack.
The vulnerability of the web interface of the firmware for the Technicolor TC7230 router is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to carry out a DNS Rebinding attack remotely...
OpenLambda has an unspecified vulnerability
OpenLambda is an open source serverless computing platform written in the Go language. A security vulnerability exists in the 2019-09-10 release of OpenLambda. An attacker can exploit the vulnerability to perform a DNS rebinding attack on OL servers...
F5 Networks BIG-IP : NodeJS vulnerability (K63025104)
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the...
Fedora 28 : knot-resolver (2018-c894f896fd)
Knot Resolver 2.4.0 (2018-07-03). Incompatible changes: minimal libknot version is now 2.6.7 to pull in latest fixes 366. Security: fix a rare case of zones incorrectly downgraded to insecure status !576. New features: TLS...
Singularity - A DNS Rebinding Attack Framework
Singularity of Origin is a tool to perform DNS rebinding attacks. It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine. It also ships with...
Fedora 27 : knot-resolver (2018-50d055a5af)
Knot Resolver 2.4.0 (2018-07-03). Incompatible changes: minimal libknot version is now 2.6.7 to pull in latest fixes 366. Security: fix a rare case of zones incorrectly downgraded to insecure status !576. New features: TLS...
Design/Logic Flaw
The UPnP HTTP server on Sonos wireless speaker products allows unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11316
The UPnP HTTP server on Sonos wireless speaker products allows unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
PT-2018-10474 · Roku · Roku
Name of the Vulnerable Software and Affected Versions: Roku and Roku TV products (affected versions not specified). Description: The issue allows unauthorized access to the device via a DNS Rebind attack, potentially resulting in remote device control and the exfiltration of privileged device and...
GLSA-201806-07 : Transmission: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201806-07 Transmission: Remote code execution A vulnerability was discovered in how Transmission handles access control through the X-Transmission-Session-Id. Impact : A remote attacker could execute arbitrary RFC commands or...
CVE-2018-11315
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a...
Information disclosure
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a...
CVE-2018-11315
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a...
CVE-2018-11315
CVE-2018-11315 affects Radio Thermostat CT50/CT80 Local HTTP API (firmware 1.04.84 and earlier). The vulnerability arises from unauthorized access enabled by DNS rebinding, enabling a remote attacker to issue commands via the Local HTTP API and, as described, potentially control device temperatur...