8 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Net-CIDR vulnerability (USN-8110-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8110-1 advisory. Dave Rolsky discovered that Net-CIDR did not properly sanitize IP addresses. An attacker could possibl...
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling...
CVE-2024-13666
CVE-2024-13666 concerns the Fluent Forms WordPress plugin (versions up to and including 5.2.12) with an IP address spoofing vulnerability caused by insufficient IP validation and reliance on user-supplied HTTP headers for IP retrieval. This enables unauthenticated attackers to spoof their IP and ...
CVE-2022-4303
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms...
WordPress WP-Polls IP-Based Restrictions Bypass Vulnerability
WP-Polls is a WordPress polling plugin. WP-Polls versions prior to 2.76.0 contain a vulnerability that allows IP-based restrictions to be bypassed. The vulnerability stems from prioritizing a visitor's IP taken from certain HTTP headers over PHP's REMOTE_ADDR, which can be exploited by an attacker ...
CVE-2022-2362
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions...
CVE-2022-2228
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling...
CVE-2020-7921
A vulnerability was discovered in MongoDB, where an update operation on a user-defined role clears the authenticationRestrictions field that was previously set. This unexpected behavior may remove previous IP-based restrictions configured on a role, thus allowing a user to bypass them once the...