CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CRLF Injection

jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...

GHSA-PP3C-CF6J-M3FF Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Removed by vendor...

Siemens Nucleus ReadyStart Denial of Service Vulnerability

Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. A denial-of-service vulnerability exists in Siemens Nucleus ReadyStart, which is used to accelerate the fast startup of complete systems and provides a rich board-level support package Bsp. The vulnerability stems from the...

CVE-2021-31890

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, PLUSCONTROL 1st Gen All versions, SIMOTICS CONNECT 400 All versions V0.5.0.0, SIMOTICS CONNECT 400 All versions V1.0.0.0. The total length of an TCP...

SUSE: Security Advisory (SUSE-SU-2017:1898-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2031-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ISC BIND 9.15.6 < 9.16.6 / 9.17.x < 9.17.4 DoS

According to its self-reported version number, the installation of ISC BIND running on the remote name server is version 9.15.6 prior to 9.16.6 or 9.17.x prior to 9.17.4. It is, therefore, affected by a denial of service DoS vulnerability due to an incorrectly specified maximum buffer size. An...

USN-4468-1 bind9 vulnerabilities

Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8620 Joseph Gullo discovered that Bind incorrectly handled...

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2017:2031-1)

This update for systemd provides several fixes and enhancements. Security issues fixed : - CVE-2017-9217: NULL pointer dereferencing that could lead to resolved aborting. bsc1040614 - CVE-2017-9445: Possible out-of-bounds write triggered by a specially crafted TCP payload from a DNS server...

Ubuntu Fixes Linux Systemd Bug

Developers with Canonical pushed out a handful of patches for the Linux-based operating system Ubuntu this week, including one that resolves a bug that could have let an attacker cause a denial of service or execute arbitrary code with a TCP payload. Chris Coulson, a software and electronics...

CVE-2017-9445

In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

UBUNTU-CVE-2017-9445

In systemd through 233, certain sizes passed to dnspacketnew in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and...

Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read

Wireshark - dissectberconstrainedbitstring Heap Out-of-Bounds Read Source: https://code.google.com/p/google-security-research/issues/detail?id=659 The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed fi...

Python Meterpreter, Python Bind TCP Stager with UUID Support

Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Listen for a connection with UUID Support This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...

HP Data Protector CMD Install Service Vulnerability (msf)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Exploit Title: HP Data Protector Client...