National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): BIND
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 486 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-14505

mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.

Published: July 22, 2018; 02:29:00 PM -04:00
(not available)
CVE-2018-1337

In Apache LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).

Published: July 10, 2018; 09:29:00 AM -04:00
(not available)
CVE-2018-11316

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

Published: July 03, 2018; 12:29:00 PM -04:00
(not available)
CVE-2018-11314

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker.

Published: July 03, 2018; 12:29:00 PM -04:00
(not available)
CVE-2018-8016

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.

Published: June 28, 2018; 12:29:00 PM -04:00
(not available)
CVE-2018-1000601

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system.

Published: June 26, 2018; 01:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-12716

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.

Published: June 24, 2018; 10:29:00 PM -04:00
(not available)
CVE-2017-2668

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.

Published: June 22, 2018; 09:29:00 AM -04:00
(not available)
CVE-2018-12421

LTB (aka LDAP Tool Box) Self Service Password before 1.3 allows a change to a user password (without knowing the old password) via a crafted POST request, because the ldap_bind return value is mishandled and the PHP data type is not constrained to be a string.

Published: June 14, 2018; 03:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM
CVE-2018-11407

An issue was discovered in the Ldap component in Symfony 2.8.x before 2.8.37, 3.3.x before 3.3.17, 3.4.x before 3.4.7, and 4.0.x before 4.0.7. It allows remote attackers to bypass authentication by logging in with a "null" password and valid username, which triggers an unauthenticated bind. NOTE: this issue exists because of an incomplete fix for CVE-2016-2403.

Published: June 13, 2018; 12:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-5814

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

Published: June 12, 2018; 12:29:00 PM -04:00
V3: 7.0 HIGH
V2: 6.9 MEDIUM
CVE-2017-18154

A crafted binder request can cause an arbitrary unmap in MediaServer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

Published: June 06, 2018; 05:29:00 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2016-10695

The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Published: June 04, 2018; 03:29:00 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10640

node-thulac is a node binding for thulac. node-thulac downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: June 04, 2018; 12:29:00 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10615

curses is bindings for the native curses library, a full featured console IO library. curses downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: June 01, 2018; 02:29:01 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10612

dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dalek-browser-ie-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: June 01, 2018; 02:29:01 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10605

dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: June 01, 2018; 02:29:01 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10604

dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-browser-chrome downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: June 01, 2018; 02:29:01 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10585

libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.

Published: June 01, 2018; 02:29:00 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH
CVE-2016-10584

dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Published: May 29, 2018; 04:29:01 PM -04:00
V3: 8.1 HIGH
V2: 9.3 HIGH