Lucene search
+L

6 matches found

OSV
OSV
added 2026/05/05 8:51 p.m.61 views

GHSA-V228-72C7-FX8J open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`

Summary src/utils/urlSafety.ts exposes isPublicHttpUrl / assertPublicHttpUrl, used to gate the MCP fetchWebContent tool against private-network targets. The check has two defects that together allow non-blind SSRF with the response body returned to the caller: 1. Bracketed IPv6 literals are never...

8.2CVSS6AI score0.00215EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.12 views

RHCOS 1 : ruby193-ruby (RHSA-2013:1137)

The remote Red Hat Enterprise Linux CoreOS 1 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1137 advisory. - ruby: hostname check bypassing vulnerability in SSL client CVE-2013-4073 Note that Nessus has not tested for this issue but has instead...

6.8CVSS5.8AI score0.02767EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2016-1579

Malware in sbrugna...

7.5CVSS8AI score0.01908EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2013/11/21 4:40 a.m.6 views

python: hostname check bypassing vulnerability in SSL module

The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

4.3CVSS6.9AI score0.05347EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/11/20 4:37 p.m.7 views

python: hostname check bypassing vulnerability in SSL module

The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

4.3CVSS6.9AI score0.05347EPSS
Exploits1References4
NVD
NVD
added 2009/08/31 8:30 p.m.14 views

CVE-2009-3024

The verifyhostnameofcert function in the certificate checking feature in IO-Socket-SSL IO::Socket::SSL 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate...

4.3CVSS6.5AI score0.00996EPSS
Exploits0References8
Rows per page
Query Builder