Lucene search
K

39 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.8 views

CVE-2026-57942

LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the getremoteaddress function that allows unauthenticated attackers to spoof client IP addresses by injecting arbitrary values into the X-Forwarded-For header without trusted proxy validation. Attacker...

6.9CVSS0.00192EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 2:6 p.m.45 views

CVE-2026-44894

Netty's QUIC token handling bug: NoQuicTokenHandler.validateToken() returns 0 (valid) before 4.2.15.Final, causing the server to treat any non-empty Initial token as valid and invoke quiche_accept, lifting anti-amplification limits per RFC 9000. An attacker with a spoofed victim IP can trigger re...

7.5CVSS5.2AI score0.00143EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-32029

OpenClaw versions prior to 2026.2.21 improperly parse the left-most X-Forwarded-For header value when requests originate from configured trusted proxies, allowing attackers to spoof client IP addresses. In proxy chains that append or preserve header values, attackers can inject malicious header...

6.3CVSS5.8AI score0.00189EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/25 7:54 p.m.2 views

Use of Less Trusted Source

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Use of Less Trusted Source via the getRealIpAddr function. An attacker can bypass IP-based access controls, rate limiting, or forge audit log entries by sending...

6.9CVSS5.8AI score0.00175EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/12/30 7:31 a.m.4 views

CVE-2025-69217

A flaw was found in coturn. A remote attacker can exploit a predictable random number generator used for nonces and port randomization. By sending a series of unauthenticated requests, an attacker can reconstruct the random number generator's state, allowing them to predict future nonces and port...

7.7CVSS6.8AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/29 6:44 p.m.7 views

User Impersonation

Overview org.onosproject:onos-core-net is an ONOS network control core subsystem. Affected versions of this package are vulnerable to User Impersonation through the manipulation of IP/MAC address mappings. An attacker can send crafted messages containing spoofed IP/MAC addresses, replacing those ...

9.8CVSS6.8AI score0.00347EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/11 12:0 a.m.5 views

H2O 访问控制错误漏洞

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. H2O suffers from an access control error vulnerability that stems from the fact that access control does not detect and prohibit HTTP requests conveyed by packets with spoofed source addresses, allowin...

7.5CVSS6.7AI score0.00438EPSS
Exploits0References4
OSV
OSV
added 2024/08/19 9:15 p.m.2 views

CVE-2024-35538

Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as value of X-Forwarded-For or Client-Ip headers while performing HTTP requests...

5.3CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2023/12/24 5:15 a.m.8 views

AZL-32296 CVE-2023-51764 affecting package postfix for versions less than 3.7.0-3

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

5.3CVSS6AI score0.02598EPSS
Exploits4References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:19 a.m.5 views

SUSE CVE-2005-0095

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...

5CVSS7AI score0.68776EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2022/05/10 1:58 p.m.4 views

kernel: sctp: Invalid chunks may be used to remotely remove existing associations

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses...

6.5CVSS6.5AI score0.0124EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2022/03/11 8:0 a.m.6 views

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

...

6.5CVSS7.2AI score0.0124EPSS
Exploits0
OSV
OSV
added 2022/03/02 11:15 p.m.3 views

DEBIAN-CVE-2021-3772

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses...

6.5CVSS6.3AI score0.0124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/09/08 12:0 a.m.24 views

PT-2021-7751 · Linux +9 · Linux +9

Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A flaw was found in the Linux SCTP stack, allowing a blind attacker to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being...

9.8CVSS7.7AI score0.93838EPSS
Exploits350References1892
OSV
OSV
added 2020/08/19 1:15 p.m.1 views

CVE-2020-4653

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web si...

6.1CVSS5.6AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2019/03/23 11:0 a.m.5 views

OPENSUSE-SU-2019:0197-1 Security update for avahi

This update for avahi fixes the following issues: Security issue fixed: - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 This update was imported from the SUSE:SLE-15:Update update project...

9.2AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/02/11 12:0 a.m.40 views

SUSE SLES11 Security Update : avahi (SUSE-SU-2019:13947-1)

This update for avahi fixes the following issues : Security issue fixed : CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...

8.1AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/02/05 12:0 a.m.36 views

openSUSE Security Update : avahi (openSUSE-2019-128)

This update for avahi fixes the following issues : Security issue fixed : - CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 This update was imported from the SUSE:SLE-12-SP2:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Th...

8.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/01/28 12:0 a.m.51 views

SUSE SLED12 / SLES12 Security Update : avahi (SUSE-SU-2019:0179-1)

This update for avahi fixes the following issues : Security issue fixed : CVE-2018-1000845: Fixed DNS amplification and reflection to spoofed addresses DOS bsc1120281 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...

8.1AI score
Exploits0References4
Ubuntu
Ubuntu
added 2019/01/23 1:39 p.m.99 views

USN-3707-2: NTP vulnerabilities

USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could...

9.8CVSS7AI score0.12367EPSS
Exploits4
Rows per page
Query Builder