Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-7160

Summary
Assigner-nodejs
Assigner Org ID-386269d4-a6c6-4eaa-bf8e-bc0b0d010558
Published At-17 May, 2018 | 14:00
Updated At-17 Sep, 2024 | 01:35
Rejected At-
Credits

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nodejs
Assigner Org ID:386269d4-a6c6-4eaa-bf8e-bc0b0d010558
Published At:17 May, 2018 | 14:00
Updated At:17 Sep, 2024 | 01:35
Rejected At:
▼CVE Numbering Authority (CNA)

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

Affected Products
Vendor
Node.js (OpenJS Foundation)The Node.js Project
Product
Node.js
Versions
Affected
  • ^6.0.0 || ^8.0.0 || ^9.0.0
Problem Types
TypeCWE IDDescription
CWECWE-350CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
Type: CWE
CWE ID: CWE-350
Description: CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
x_refsource_CONFIRM
https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_refsource_MISC
Hyperlink: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
x_transferred
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
x_refsource_CONFIRM
x_transferred
https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-request@iojs.org
Published At:17 May, 2018 | 14:29
Updated At:07 Nov, 2023 | 03:00

The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Node.js (OpenJS Foundation)
nodejs
>>node.js>>Versions from 6.0.0(inclusive) to 6.8.1(inclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Node.js (OpenJS Foundation)
nodejs
>>node.js>>Versions from 6.9.0(inclusive) to 6.14.0(exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Node.js (OpenJS Foundation)
nodejs
>>node.js>>Versions from 8.0.0(inclusive) to 8.8.1(inclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Node.js (OpenJS Foundation)
nodejs
>>node.js>>Versions from 8.9.0(inclusive) to 8.11.0(exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Node.js (OpenJS Foundation)
nodejs
>>node.js>>Versions from 9.0.0(inclusive) to 9.10.0(exclusive)
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Weaknesses
CWE IDTypeSource
CWE-290Primarynvd@nist.gov
CWE-350Secondarycve-request@iojs.org
CWE ID: CWE-290
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-350
Type: Secondary
Source: cve-request@iojs.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/cve-request@iojs.org
Vendor Advisory
https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSScve-request@iojs.org
N/A
https://www.oracle.com//security-alerts/cpujul2021.htmlcve-request@iojs.org
Third Party Advisory
Hyperlink: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
Source: cve-request@iojs.org
Resource:
Vendor Advisory
Hyperlink: https://support.f5.com/csp/article/K63025104?utm_source=f5support&amp%3Butm_medium=RSS
Source: cve-request@iojs.org
Resource: N/A
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: cve-request@iojs.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

21Records found
CVE-2021-3672
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.6||MEDIUM
EPSS-0.11% / 30.47%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 00:00
Updated-15 Oct, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-c-ares_projectpgbouncern/aSiemens AGRed Hat, Inc.Fedora ProjectNode.js (OpenJS Foundation)
Product-c-aresenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_ausenterprise_linuxenterprise_linux_computer_nodeenterprise_linux_tusnode.jssinec_infrastructure_network_servicespgbouncerenterprise_linux_workstationfedoraenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusc-ares
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-9840
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-5.54% / 89.89%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Action-Not Available
Vendor-boostzlibn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Oracle CorporationNode.js (OpenJS Foundation)Apple Inc.openSUSE
Product-enterprise_linux_desktopboostnode.jsenterprise_linux_eustvosenterprise_linux_workstationjdkleapsatellitedatabase_serverdebian_linuxenterprise_linux_servermac_os_xjreiphone_oswatchosmysqlubuntu_linuxzlibopensusen/a
CVE-2016-1669
Matching Score-8
Assigner-Chrome
ShareView Details
Matching Score-8
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-4.82% / 89.09%
||
7 Day CHG-0.74%
Published-14 May, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.

Action-Not Available
Vendor-n/aNode.js (OpenJS Foundation)openSUSEGoogle LLCDebian GNU/LinuxCanonical Ltd.
Product-v8opensuseubuntu_linuxchromedebian_linuxnode.jsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-12120
Matching Score-8
Assigner-Node.js
ShareView Details
Matching Score-8
Assigner-Node.js
CVSS Score-8.1||HIGH
EPSS-0.88% / 74.45%
||
7 Day CHG~0.00%
Published-28 Nov, 2018 | 17:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)
Product-node.jsNode.js
CWE ID-CWE-419
Unprotected Primary Channel
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2014-9748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.40% / 59.87%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 16:54
Updated-06 Aug, 2024 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Action-Not Available
Vendor-libuvn/aMicrosoft CorporationNode.js (OpenJS Foundation)
Product-libuvwindows_xpnode.jswindows_server_2003n/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-8265
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-0.69% / 70.75%
||
7 Day CHG~0.00%
Published-06 Jan, 2021 | 21:01
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationSiemens AGFedora ProjectDebian GNU/Linux
Product-sinec_infrastructure_network_servicesdebian_linuxgraalvmfedoranode.jsNode
CWE ID-CWE-416
Use After Free
CVE-2020-10531
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.55%
||
7 Day CHG~0.00%
Published-12 Mar, 2020 | 18:09
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.

Action-Not Available
Vendor-icu-projectn/aCanonical Ltd.Node.js (OpenJS Foundation)Google LLCRed Hat, Inc.openSUSEFedora ProjectDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverubuntu_linuxdebian_linuxchromeenterprise_linux_workstationfedorainternational_components_for_unicodebanking_extensibility_workbenchenterprise_linux_desktopnode.jsleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-9842
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-8
Assigner-OpenText (formerly Micro Focus)
CVSS Score-8.8||HIGH
EPSS-6.25% / 90.53%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Action-Not Available
Vendor-zlibn/aDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.Oracle CorporationNode.js (OpenJS Foundation)Apple Inc.openSUSE
Product-enterprise_linux_desktopnode.jsenterprise_linux_eustvosenterprise_linux_workstationjdkleapsatellitedatabase_serverdebian_linuxenterprise_linux_servermac_os_xjreiphone_oswatchosmysqlubuntu_linuxzlibopensusen/a
CVE-2021-22884
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.15%
||
7 Day CHG~0.00%
Published-03 Mar, 2021 | 17:37
Updated-30 Apr, 2025 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.

Action-Not Available
Vendor-Node.js (OpenJS Foundation)Oracle CorporationNetApp, Inc.Siemens AGFedora Project
Product-sinec_infrastructure_network_servicespeoplesoft_enterprise_peopletoolsgraalvme-series_performance_analyzermysql_clusternosql_databasefedoraactive_iq_unified_manageroncommand_workflow_automationjd_edwards_enterpriseone_toolssnapcenternode.jsoncommand_insightNode
CWE ID-CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
CVE-2021-34561
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.25%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 10:32
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A vulnerability in WirelessHART-Gateway <= 3.0.8 allows to bypass any IP or firewall based access restrictions through DNS rebinding

In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, if the application is not externally accessible or uses IP-based access restrictions. Attackers can use DNS Rebinding to bypass any IP or firewall based access restrictions that may be in place, by proxying through their target's browser.

Action-Not Available
Vendor-pepperl-fuchsPhoenix Contact GmbH & Co. KG
Product-wha-gw-f2d2-0-as-z2-eth_firmwarewha-gw-f2d2-0-as-z2-eth.eipwha-gw-f2d2-0-as-z2-eth.eip_firmwarewha-gw-f2d2-0-as-z2-ethWHA-GW-F2D2-0-AS- Z2-ETHWHA-GW-F2D2-0-AS- Z2-ETH.EIP
CWE ID-CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
CVE-2024-20674
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-13.85% / 94.04%
||
7 Day CHG~0.00%
Published-09 Jan, 2024 | 17:56
Updated-03 May, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Security Feature Bypass Vulnerability

Windows Kerberos Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 11 version 22H3Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016Windows 10 Version 1507Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows 10 Version 21H2Windows 10 Version 1607Windows 11 version 22H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows Server 2022Windows 11 version 21H2Windows Server 2008 R2 Service Pack 1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 10 Version 22H2
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2019-20790
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.26%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 14:00
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.

Action-Not Available
Vendor-pypolicyd-spf_projecttrusteddomainn/aFedora Project
Product-pypolicyd-spffedoraopendmarcn/a
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2023-52235
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.06% / 19.15%
||
7 Day CHG+0.02%
Published-05 Apr, 2024 | 00:00
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack.

Action-Not Available
Vendor-n/aspacex_starlink_wi_fi_router_gen_2
Product-n/aspacex_starlink_wi_fi_router_gen_2
CWE ID-CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
CVE-2023-32207
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.20% / 42.19%
||
7 Day CHG~0.00%
Published-02 Jun, 2023 | 00:00
Updated-27 May, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_esrfirefoxthunderbirdFirefoxFirefox ESRThunderbird
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2020-2002
Matching Score-4
Assigner-Palo Alto Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.1||HIGH
EPSS-0.35% / 56.93%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 19:07
Updated-17 Sep, 2024 | 04:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PAN-OS: Spoofed Kerberos key distribution center authentication bypass

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0.

Action-Not Available
Vendor-Palo Alto Networks, Inc.
Product-pan-osPAN-OS
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2020-26276
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-10||CRITICAL
EPSS-0.98% / 75.80%
||
7 Day CHG~0.00%
Published-17 Dec, 2020 | 19:40
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SAML authentication vulnerability in Fleet

Fleet is an open source osquery manager. In Fleet before version 3.5.1, due to issues in Go's standard library XML parsing, a valid SAML response may be mutated by an attacker to modify the trusted document. This can result in allowing unverified logins from a SAML IdP. Users that configure Fleet with SSO login may be vulnerable to this issue. This issue is patched in 3.5.1. The fix was made using https://github.com/mattermost/xml-roundtrip-validator If upgrade to 3.5.1 is not possible, users should disable SSO authentication in Fleet.

Action-Not Available
Vendor-fleetdmfleetdm
Product-fleetfleet
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2018-1695
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.3||HIGH
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 14:00
Updated-16 Sep, 2024 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. IBM X-Force ID: 145769.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_application_serverWebSphere Application Server
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-31149
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.14% / 34.78%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 13:50
Updated-22 Apr, 2025 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ActivityWatch vulnerable to DNS rebinding attack

ActivityWatch open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1.

Action-Not Available
Vendor-ActivityWatch
Product-activitywatchactivitywatch
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2022-21142
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.88% / 74.46%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 09:50
Updated-03 Aug, 2024 | 02:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.

Action-Not Available
Vendor-applepleappleple inc.
Product-a-blog_cmsa-blog cms
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2021-31195
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-75.41% / 98.84%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-28 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 20Microsoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2016 Cumulative Update 19
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2017-0902
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.1||HIGH
EPSS-6.91% / 91.01%
||
7 Day CHG~0.00%
Published-31 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

Action-Not Available
Vendor-rubygemsDebian GNU/LinuxCanonical Ltd.HackerOneRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linux_server_tusenterprise_linux_workstationrubygemsenterprise_linux_server_eusdebian_linuxenterprise_linux_serverubuntu_linuxenterprise_linux_server_ausRubyGems
CWE ID-CWE-346
Origin Validation Error
CWE ID-CWE-350
Reliance on Reverse DNS Resolution for a Security-Critical Action
Details not found