CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CRLF Injection

jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...

Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

GHSA-PP3C-CF6J-M3FF Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Removed by vendor...

Siemens Nucleus ReadyStart Denial of Service Vulnerability

Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. A denial-of-service vulnerability exists in Siemens Nucleus ReadyStart, which is used to accelerate the fast startup of complete systems and provides a rich board-level support package Bsp. The vulnerability stems from the...

CVE-2021-31890

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of an TCP...

SUSE: Security Advisory (SUSE-SU-2017:2031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:1898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ISC BIND 9.15.6 < 9.16.6 / 9.17.x < 9.17.4 DoS

According to its self-reported version number, the installation of ISC BIND running on the remote name server is version 9.15.6 prior to 9.16.6 or 9.17.x prior to 9.17.4. It is, therefore, affected by a denial of service DoS vulnerability due to an incorrectly specified maximum buffer size. An...

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2017:2031-1)

This update for systemd provides several fixes and enhancements. Security issues fixed : - CVE-2017-9217: NULL pointer dereferencing that could lead to resolved aborting. bsc1040614 - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server...

Ubuntu Fixes Linux Systemd Bug

Developers with Canonical pushed out a handful of patches for the Linux-based operating system Ubuntu this week, including one that resolves a bug that could have let an attacker cause a denial of service or execute arbitrary code with a TCP payload. Chris Coulson, a software and electronics...

CVE-2017-9445

In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

UBUNTU-CVE-2017-9445

In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read

Wireshark - dissectberconstrainedbitstring Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=659 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed fi...

Python Meterpreter, Python Bind TCP Stager with UUID Support

Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Listen for a connection with UUID Support This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...