173 matches found
CVE-2020-35857
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption...
CVE-2020-35857
The CVE-2020-35857 entry applies to the trust-dns-server crate in Rust, prior to version 0.18.1. The issue arises from how MX and SRV null targets are handled, leading to stack consumption (stack overflow) when processing additional records for MX/SRV targets, potentially causing a crash and DOS....
GHSA-R4M5-47CQ-6QG8 Server-Side Request Forgery in ftp-srv
All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery SSRF. The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network...
Server-Side Request Forgery in ftp-srv
All versions of ftp-srv from v1.0.0 onward to v4.3.3 are vulnerable to Server-Side Request Forgery SSRF. The package fails to prevent remote clients to access other resources in the network, for example when connecting to the server through telnet. This allows attackers to access any network...
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152 Server-Side Request Forgery in ftp-srv
ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. In ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 are vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the server to make a...
CVE-2020-15152
CVE-2020-15152 affects the ftp-srv npm package. It allows Server-Side Request Forgery via the PORT command, enabling the server to connect to arbitrary IPs. Affected versions are before 2.19.6, 3.1.2, and 4.3.4. Remediation: upgrade to 2.19.6, 3.1.2, 4.3.4 or later. A workaround noted in advisori...
@zpmc/zwd-server (>=0.0.14 <=0.0.21) potentially affected by CVE-2020-15152 via ftp-srv (=4.1.0)
ftp-srv NPM version =4.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on ftp-srv and may be impacted: - @zpmc/zwd-server =0.0.14, =0.0.21 Source cves: CVE-2020-15152 Source advisory: OSV:GHSA-JW37-5GQR-CF9J...
CVE-2020-15136
A flaw was found in etcd. The gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No...
CVE-2020-15136
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
CVE-2020-15136
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
Design/Logic Flaw
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
CVE-2020-15136
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
CVE-2020-15136
CVE-2020-15136 affects etcd gateway behavior: TLS authentication is applied only to endpoints discovered via DNS SRV for a domain, with no authentication for endpoints provided via the --endpoints flag. Root cause is limited endpoint validation in the gateway’s discoverEndpoints flow. Impact: pot...
CVE-2020-15136 Improper authentication in etcd
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
CVE-2020-15136
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints...
Security update for python-mysql-connector-python (moderate)
openSUSE Security Update: Security update for python-mysql-connector-python Announcement ID: openSUSE-SU-2020:0409-1 Rating: moderate References: 1122204 Cross-References: CVE-2019-2435 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: Thi...
EulerOS 2.0 SP8 : openldap (EulerOS-SA-2020-1169)
According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the...
RUSTSEC-2020-0001 Stack overflow when resolving additional records from MX or SRV null targets
There's a stack overflow leading to a crash and potential DOS when processing additional records for return of MX or SRV record types from the server. This is only possible when a zone is configured with a null target for MX or SRV records, i.e. '.'. Example effected zone record: text no-service...