Unity Linux 20.1050e / 20.1070e Security Update: perl-Net-CIDR-Lite (UTSA-2026-016598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016598 advisory. The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some...

CVE-2025-40911

Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are...

CVE-2025-1204

The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to...

DEBIAN-CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVE-2021-47155

The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...

Apache Shenyu Server Side Request Forgery vulnerability

There exists an SSRF Server-Side Request Forgery vulnerability located at the /sandbox/proxyGateway endpoint. This vulnerability allows us to manipulate arbitrary requests and retrieve corresponding responses by inputting any URL into the requestUrl parameter. Of particular concern is our ability...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2023-1173)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name the cn argument of mbedtlsx509crtverify with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to an...

CVE-2021-29923

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR...

Unspecified Bypass Vulnerability in Data-Validate-IP

Data-Validate-IP is an open source application by Dave Rolsky. Provides IPv4 and IPv6 validation methods. Data-Validate-IP version before 0.29 has a security vulnerability that can be exploited by attackers to bypass IP address-based access control...

CVE-2006-4461

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors...

FreeBSD : Apache 1.3 IP address access control failure on some 64-bit platforms (09d418db-70fd-11d8-873f-0020ed76ef5a)

Henning Brauer discovered a programming error in Apache 1.3's modaccess that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a deny from' IP address access control rule including a netmask to...

Apache 1.3 IP address access control failure on some 64-bit platforms

Henning Brauer discovered a programming error in Apache 1.3's modaccess that results in the netmasks in IP address access control rules being interpreted incorrectly on 64-bit, big-endian platforms. In some cases, this could cause a deny from' IP address access control rule including a netmask to...