Lucene search
+L

173 matches found

NVD
NVD
added 2020/12/31 10:15 a.m.35 views

CVE-2020-35857

An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...

7.5CVSS7.5AI score0.01439EPSS
Exploits1References2
CVE
CVE
added 2020/12/31 12:0 a.m.55 views

CVE-2020-35857

The CVE-2020-35857 entry applies to the trust-dns-server crate in Rust, prior to version 0.18.1. The issue arises from how MX and SRV null targets are handled, leading to stack consumption (stack overflow) when processing additional records for MX/SRV targets, potentially causing a crash and DOS....

7.5CVSS7.4AI score0.01439EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/09/04 5:25 p.m.27 views

GHSA-R4M5-47CQ-6QG8 Server-Side Request Forgery in ftp-srv

All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery SSRF. The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network...

7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/09/04 5:25 p.m.35 views

Server-Side Request Forgery in ftp-srv

All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery SSRF. The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network...

7.3AI score
Exploits0References3Affected Software1
NVD
NVD
added 2020/08/17 10:15 p.m.17 views

CVE-2020-15152

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

9.1CVSS8.9AI score0.01859EPSS
Exploits0References3
OSV
OSV
added 2020/08/17 10:15 p.m.8 views

CVE-2020-15152

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

9.1CVSS8.9AI score
Exploits0References3
Cvelist
Cvelist
added 2020/08/17 9:55 p.m.31 views

CVE-2020-15152 Server-Side Request Forgery in ftp-srv

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...

9.1CVSS8.9AI score0.01859EPSS
Exploits0References3
CVE
CVE
added 2020/08/17 9:55 p.m.57 views

CVE-2020-15152

CVE-2020-15152 affects the ftp-srv npm package. It allows Server-Side Request Forgery via the PORT command, enabling the server to connect to arbitrary IPs. Affected versions are before 2.19.6, 3.1.2, and 4.3.4. Remediation: upgrade to 2.19.6, 3.1.2, 4.3.4 or later. A workaround noted in advisori...

9.1CVSS8.9AI score0.01859EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2020/08/17 9:44 p.m.5 views

@zpmc/zwd-server (>=0.0.14 <=0.0.21) potentially affected by CVE-2020-15152 via ftp-srv (=4.1.0)

ftp-srv NPM version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ftp-srv and may be impacted: - @zpmc/zwd-server =0.0.14, =0.0.21 Source cves: CVE-2020-15152 Source advisory: OSV:GHSA-JW37-5GQR-CF9J...

9.1CVSS7.2AI score0.01859EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/08/14 6:43 a.m.28 views

CVE-2020-15136

A flaw was found in etcd. The gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No...

5.8CVSS7AI score0.01636EPSS
Exploits0References4
NVD
NVD
added 2020/08/06 11:15 p.m.27 views

CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS7.2AI score0.01636EPSS
Exploits0References3
OSV
OSV
added 2020/08/06 11:15 p.m.32 views

CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS6.6AI score
Exploits0References3
Prion
Prion
added 2020/08/06 11:15 p.m.30 views

Design/Logic Flaw

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

5.8CVSS6.7AI score0.01636EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2020/08/06 11:15 p.m.261 views

CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS6.7AI score0.01636EPSS
Exploits0References3
CVE
CVE
added 2020/08/06 10:45 p.m.347 views

CVE-2020-15136

CVE-2020-15136 affects etcd gateway behavior: TLS authentication is applied only to endpoints discovered via DNS SRV for a domain, with no authentication for endpoints provided via the --endpoints flag. Root cause is limited endpoint validation in the gateway’s discoverEndpoints flow. Impact: pot...

6.5CVSS6.8AI score0.01636EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/08/06 10:45 p.m.33 views

CVE-2020-15136 Improper authentication in etcd

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS6.8AI score0.01636EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/08/06 10:45 p.m.83 views

CVE-2020-15136

In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...

6.5CVSS7.5AI score0.01636EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2020/03/29 12:0 a.m.86 views

Security update for python-mysql-connector-python (moderate)

openSUSE Security Update: Security update for python-mysql-connector-python Announcement ID: openSUSE-SU-2020:0409-1 Rating: moderate References: 1122204 Cross-References: CVE-2019-2435 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: Thi...

8.1CVSS7.1AI score0.02518EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/02/25 12:0 a.m.25 views

EulerOS 2.0 SP8 : openldap (EulerOS-SA-2020-1169)

According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the...

7.5CVSS6.6AI score0.07022EPSS
Exploits1References3
OSV
OSV
added 2020/01/06 12:0 p.m.52 views

RUSTSEC-2020-0001 Stack overflow when resolving additional records from MX or SRV null targets

There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...

7.5CVSS7.6AI score0.01439EPSS
Exploits1References3
Rows per page
Query Builder