Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.4 views

Atlassian Confluence 7.19.0 < 8.5.20 / 8.6.x < 9.2.6 / 9.3.x < 9.3.1 / 9.4.0 / 9.5.x < 9.5.2 / 10.0.x < 10.0.2 / 10.1.0 / 10.2.0 (CONFSERVER-101489)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101489 advisory. - The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and...

8.1CVSS6.8AI score0.08279EPSS
Exploits0References2
Atlassian
Atlassian
added 2025/11/14 6:28 a.m.14 views

SSRF (Server-Side Request Forgery) in Confluence Data Center and Server

This High severity SSRF Server-Side Request Forgery vulnerability known as CVE-2024-29415 was introduced in 7.19 of Confluence Data Center and Server. This vulnerability with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H allows an unauthenticated attacker t...

8.1CVSS6.9AI score0.08279EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/16 8:9 p.m.3 views

CVE-2025-59436

The ip aka node-ip package through 2.0.1 in NPM might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. Mitigation Mitigation for this issue is either not...

8.1CVSS8.7AI score0.08279EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/09/16 2:44 a.m.11 views

org.webjars.npm:bonjour (=3.5.0), org.webjars.npm:dns-packet (>=1.3.1 <=4.2.0) +10 more potentially affected by CVE-2024-29415 +1 more via org.webjars.npm:ip (>=1.1.5 <=2.0.0)

org.webjars.npm:ip MAVEN version =1.1.5, =1.3.1, =1.0.1, =6.2.3, =4.2.0, =1.1.10, =3.0.1, =4.0.2 - org.webjars.npm:splitsoftwaresplitio =10.8.4 Source cves: CVE-2024-29415, CVE-2025-59436 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-14101892...

8.1CVSS6.9AI score0.08279EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/16 2:44 a.m.7 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 007-nodejs (>=2.5.0 <=2.5.3) +46037 more potentially affected by CVE-2024-29415 +1 more via ip (>=0.0.1 <=2.0.1)

ip NPM version =0.0.1, =1.0.1, =2.5.0, =2.5.3 - 0726react =0.1.1 - 0me.sh =0.1.15 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

8.1CVSS6.8AI score0.08279EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/09/16 2:44 a.m.18 views

-tompan-reacttemplate (>=1.0.1 <=1.1.0), 007-nodejs (>=2.5.0 <=2.5.3) +46037 more potentially affected by CVE-2024-29415 +1 more via ip (>=0.0.1 <=2.0.1)

ip NPM version =0.0.1, =1.0.1, =2.5.0, =2.5.3 - 0726react =0.1.1 - 0me.sh =0.1.15 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...

8.1CVSS6.8AI score0.08279EPSS
Exploits0
Snyk
Snyk
added 2025/09/16 2:44 a.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the ip.isPublic and ip.isPrivate functions. An attacker can interact with internal network resources by supplying specially crafted IP address such as null route "0" that is being incorrectly...

10CVSS6.9AI score0.08279EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/02 6:6 p.m.24 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in IP

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of IP Vulnerability Details CVEID:CVE-2024-29415 DESCRIPTION: The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are...

8.1CVSS6.5AI score0.08279EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/11/25 7:44 p.m.37 views

Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release

Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of...

10CVSS7.1AI score0.09076EPSS
Exploits7References10
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/22 2:45 p.m.37 views

Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details CVEID:CVE-2024-27088 DESCRIPTION: medikoo es5-ext is vulnerable to a...

8.2CVSS6.7AI score0.87211EPSS
Exploits3Affected Software1
RedhatCVE
RedhatCVE
added 2024/06/03 1:32 p.m.165 views

CVE-2024-29415

A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Securi...

9.8CVSS8.6AI score0.08279EPSS
Exploits1References4
Chainguard
Chainguard
added 2024/05/27 8:15 p.m.15 views

CVE-2024-29415 vulnerabilities

Vulnerabilities for packages: py3-jupyterlab, kibana, sqlpad...

8.1CVSS6.8AI score0.08279EPSS
Exploits0
Wolfi
Wolfi
added 2024/05/27 8:15 p.m.32 views

CVE-2024-29415 vulnerabilities

Vulnerabilities for packages: sqlpad, py3-jupyterlab...

8.1CVSS6.8AI score0.08279EPSS
Exploits0
Cvelist
Cvelist
added 2024/05/27 8:4 p.m.81 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

9.7AI score0.08279EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/27 8:4 p.m.32 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

7AI score0.08279EPSS
Exploits0References3
OSV
OSV
added 2024/05/27 8:4 p.m.43 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

8.1CVSS6.9AI score0.08279EPSS
Exploits0References6
CVE
CVE
added 2024/05/27 8:4 p.m.1349 views

CVE-2024-29415

CVE-2024-29415 affects the npm package ip (Node.js) up to version 2.0.1, enabling SSRF due to an incomplete fix of CVE-2023-42282. The root cause is the incorrect categorization of certain IPs as globally routable by isPublic. Exploitation details and affected versions beyond 2.0.1 are not provid...

8.1CVSS6.6AI score0.08279EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/05/27 8:4 p.m.30 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

8.1CVSS7.4AI score0.08279EPSS
Exploits0
Rows per page
Query Builder