
30 matches found

RedhatCVE
added 2026/06/05 7:31 p.m. | 6 views

CVE-2025-13605

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P, hardware version V2.2.0, allows authenticated users to execute arbitrary shell commands in the context of the root user by providing a payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

CVSS 9.3 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 1
Cvelist
added 2026/06/01 9:0 p.m. | 38 views

CVE-2018-25427 Arm Whois 3.11 Buffer Overflow via SEH Overwrite

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

CVSS 9.8 | EPSS 0.01008
Exploits: 0 | References: 4
Cvelist
added 2026/05/30 2:55 p.m. | 32 views

CVE-2018-25423 Arm Whois 3.11 Denial of Service via Buffer Overflow

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition...

CVSS 6.9 | EPSS 0.0014
Exploits: 0 | References: 4
Cvelist
added 2026/05/04 2:52 p.m. | 60 views

CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway

3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P, hardware version V2.2.0, allows authenticated users to execute arbitrary shell commands in the context of the root user by providing a payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

CVSS 9.3 | EPSS 0.00198
Exploits: 0 | References: 1
NVD
added 2026/01/23 5:15 p.m. | 8 views

CVE-2021-47894

Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the...

CVSS 7.5 | EPSS 0.00252
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/23 12:0 a.m. | 7 views

PT-2026-4510

Name of the Vulnerable Software and Affected Versions: Managed Switch Port Mapping Tool version 2.85.2. Description: The software contains a denial of service issue that allows attackers to crash the application. This is achieved by creating an oversized buffer. Specifically, attackers can generate ...

CVSS 7.5 | AI score 5.6 | EPSS 0.00252
Exploits: 0 | References: 6
Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-23852

Name of the Vulnerable Software and Affected Versions: Apache ZooKeeper versions prior to 3.8.6; Apache ZooKeeper versions prior to 3.9.5. Description: A flaw exists in the hostname verification process within Apache ZooKeeper’s ZKTrustManager. When IP Subject Alternative Name (SAN) validation fails, t...

CVSS 7.4 | AI score 5.8 | EPSS 0.00306
Exploits: 0 | References: 26
RedhatCVE
added 2025/10/30 4:18 p.m. | 14 views

CVE-2025-12148

In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the source document returned by search operations, the results do return documents (hits) when searching based on a...

CVSS 6 | AI score 6.8 | EPSS 0.00228
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-6249

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00745
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-28371

Malware in sbrugna...

CVSS 9 | AI score 7 | EPSS 0.04244
Exploits: 1 | References: 2
OSV
added 2025/08/04 5:15 p.m. | 4 views

CVE-2025-44961

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user...

CVSS 8.8 | AI score 5.8 | EPSS 0.02096
Exploits: 0 | References: 4
Vulnrichment
added 2025/08/04 12:0 a.m. | 3 views

CVE-2025-44961

In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user...

CVSS 9.9 | AI score 8.9 | EPSS 0.02096
Exploits: 0 | References: 3
Snyk
added 2025/08/01 6:15 p.m. | 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the process that applies field masking rules to fields of types ip, geopoint, geoshape, xypoint, and xyshape. An attacker can access sensitive information by issuing search queries that reconstruct the original...

CVSS 6.8 | AI score 6.6
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/22 8:26 a.m. | 7 views

CVE-2019-15238

The cforms2 plugin before 15.0.2 for WordPress has CSRF related to the IP address field...

CVSS 8.8 | AI score 7.1 | EPSS 0.00745
Exploits: 1 | References: 1
OSV
added 2025/03/10 8:13 a.m. | 13 views

BIT-DJANGO-2024-56374

An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and...

CVSS 7.5 | AI score 7 | EPSS 0.01854
Exploits: 0 | References: 6
RedHat Linux
added 2025/01/28 7:20 p.m. | 1 views

django: potential denial-of-service vulnerability in IPv6 validation

A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the...

CVSS 7.5 | AI score 7.1 | EPSS 0.01854
Exploits: 0 | References: 8
SUSE CVE
added 2023/02/15 5:32 a.m. | 2 views

SUSE CVE-2014-0474

The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

CVSS 10 | AI score 7.2 | EPSS 0.04753
Exploits: 0 | References: 4
Prion
added 2021/01/06 9:15 p.m. | 13 views

Command injection

oaliptaddBridgeIsolationRules on TP-Link TL-WR840N 6EU0.9.14.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function for iptables. NOTE: oaliptaddBridgeIsolationRules is not the only...

CVSS 10 | AI score 9.7 | EPSS 0.09701
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2020/07/15 9:15 p.m. | 24 views

CVE-2020-8958

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field...

CVSS 9 | EPSS 0.46642
Exploits: 4 | References: 4
ATTACKERKB
added 2020/07/15 12:0 a.m. | 99 views

CVE-2020-8958

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field. Recent assessments: Assessed Attacker Value: 0...

CVSS 9 | AI score 7.5 | EPSS 0.46642
In wild | Exploits: 4 | References: 5