VMware Spring Web Services 代码问题漏洞

VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are code vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the use of...

Server-side Request Forgery (SSRF)

Overview org.springframework.ws:spring-ws-core is a product of the Spring community focused on creating document-driven Web services. Spring Web Services aims to facilitate contract-first SOAP service development, allowing for the creation of flexible web services using one of the many ways to...

EUVD-2020-5822

Malware in sbrugna...

EUVD-2020-5823

Malware in sbrugna...

EUVD-2021-8955

Malicious code in bioql PyPI...

EUVD-2024-54701

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-13576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote co...

CVE-2024-51980

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

CVE-2024-51981

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

CVE-2024-51980

CVE-2024-51980 is an unauthenticated SSRF that, via WS-Addressing ReplyTo in a SOAP web service on HTTP (port 80), forces affected devices to open a TCP connection to an arbitrary IP/port. The vulnerability is reported across multiple Brother Konica Minolta, FUJIFILM, Ricoh, and Toshiba devices (...

PT-2025-26814 · Brother Industries +4 · Ads-2400N +680

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages t...

CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability...

The vulnerability of the WS-Addressing plugin in the gSOAP software development environment allows a attacker to trigger a service failure.

The vulnerability of the WS-Addressing plugin in the gSOAP software development environment is related to errors in pointer manipulation during SOAP request processing. Exploiting this vulnerability allows an attacker to cause service failures by sending specially crafted HTTP requests...

MGASA-2021-0263 Updated gsoap packages fix security vulnerabilities

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability CVE-2020-13574. A denial-of-service vulnerability exists in...

Updated gsoap packages fix security vulnerabilities

A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability CVE-2020-13574. A denial-of-service vulnerability exists in...

openSUSE Security Update : gsoap (openSUSE-2021-632)

This update for gsoap fixes the following issues : - CVE-2020-13576: Fixed a remote code execution via specially crafted SOAP request inside the WS-Addressing plugin boo1182098 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

OPENSUSE-SU-2021:0664-1 Security update for gsoap

This update for gsoap fixes the following issues: - CVE-2020-13576: Fixed a remote code execution via specially crafted SOAP request inside the WS-Addressing plugin boo1182098 This update was imported from the openSUSE:Leap:15.2:Update update project...

OPENSUSE-SU-2021:0632-1 Security update for gsoap

This update for gsoap fixes the following issues: - CVE-2020-13576: Fixed a remote code execution via specially crafted SOAP request inside the WS-Addressing plugin boo1182098...