121 matches found

OpenVAS
added 2025/05/23 12:0 a.m. · 15 views

OpenSSL x509 Vulnerability (20250522) - Linux

OpenSSL is prone to a vulnerability in the x509 application. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:openssl:openssl";...

6.5 CVSS · 6.2 AI score · 0.00077 EPSS
Exploits 0 · References 2

OSV
added 2025/03/11 9:15 a.m. · 1 view

CVE-2024-28607

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...

2.9 CVSS · 5.8 AI score
Exploits 0 · References 2

CNNVD
added 2025/03/11 12:0 a.m. · 1 view

IP Util Functions Library Security Vulnerability

IP Util Functions Library is a collection of intellectual property-related utilities by Sean Nelson, an individual developer. A security vulnerability exists in IP Util Functions Library version 2.4.0 and earlier, which stems from certain IP addresses being misclassified as globally routable,...

2.9 CVSS · 6.7 AI score · 0.00105 EPSS
Exploits 0 · References 3

NVD
added 2025/02/14 8:15 a.m. · 7 views

CVE-2025-26788

StrongKey FIDO Server before 4.15.1 treats a non-discoverable namedcredential flow as a discoverable transaction...

8.4 CVSS · 0.00028 EPSS
Exploits 0 · References 2

CNNVD
added 2025/02/14 12:0 a.m. · 2 views

CPython Security Vulnerability

CPython is a Python interpreter implemented in C from the Python Foundation. A security vulnerability exists in CPython that stems from the default use of user-writable file paths on Windows platforms, which could lead to memory errors or file type misclassification...

2.3 CVSS · 5.2 AI score · 0.0023 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/01/31 12:0 a.m. · 1 view

PT-2025-27685

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the drm/amd/display component, where a drm wb connector was incorrectly treated as an amdgpu dm connector...

5.5 CVSS · 6.4 AI score · 0.00049 EPSS
Exploits 0

RedHat Linux
added 2024/10/15 12:42 a.m. · 5 views

kernel: udp: do not accept non-tunnel GSO skbs landing in a tunnel

CVE-2024-35884 highlights a flaw in the Linux kernel's handling of UDP packets when Generic Receive Offload (GRO) forwarding is enabled. The issue occurs because non-tunnel UDP packets are sometimes mistakenly processed as if they belong to a tunnel. This can lead to data corruption or kernel...

8.8 CVSS · 7.3 AI score · 0.00018 EPSS
Exploits 0 · References 5

OSV
added 2024/09/11 10:15 a.m. · 1 view

AZL-49132 CVE-2024-8096 affecting package mysql for versions less than 8.0.36-1

When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error tha...

6.5 CVSS · 5.8 AI score · 0.00559 EPSS
Exploits 1 · References 1

CNNVD
added 2024/09/11 12:0 a.m. · 2 views

Cisco IOS XR Security Vulnerability

Cisco IOS XR is a set of operating systems developed by the American company Cisco for its network equipment. A security vulnerability exists in Cisco IOS XR that stems from misclassification of certain types of Ethernet frames received on the interface...

7.4 CVSS · 6.5 AI score · 0.00225 EPSS
Exploits 0 · References 3

OSV
added 2024/05/27 8:15 p.m. · 1 view

DEBIAN-CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

8.1 CVSS · 7.2 AI score · 0.8434 EPSS
Exploits 0 · References 1

Cvelist
added 2024/05/27 8:4 p.m. · 74 views

CVE-2024-29415

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1 are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282...

9.7 AI score · 0.8434 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/05/06 12:0 a.m. · 4 views

PT-2024-4071 · Node.Js +1 · Ip +1

Name of the Vulnerable Software and Affected Versions: ip package versions through 2.0.1 for Node.js. Description: The issue is related to the improper categorization of certain IP addresses as globally routable via the isPublic function, which might allow Server-Side Request Forgery (SSRF) attacks...

10 CVSS · 7.1 AI score · 0.8434 EPSS
Exploits 0 · References 32

OSV
added 2024/04/16 12:30 a.m. · 12 views

GHSA-HQ88-WG7Q-GP4G mlflow vulnerable to Path Traversal

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...

9.3 CVSS · 9.2 AI score · 0.00199 EPSS
Exploits 1 · References 5

NVD
added 2024/04/16 12:15 a.m. · 11 views

CVE-2024-3573

mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the...

9.3 CVSS · 9.3 AI score · 0.00199 EPSS
Exploits 1 · References 2

CVE
added 2024/04/16 12:0 a.m. · 69 views

CVE-2024-3573

The CVE-2024-3573 entry concerns mlflow/mlflow with a Local File Inclusion (LFI) caused by improper parsing of URIs in the is_local_uri logic. The issue misclassifies URIs with empty or file schemes as non-local, enabling an attacker to craft malicious model versions (source parameter) that bypas...

9.3 CVSS · 9.2 AI score · 0.00199 EPSS
Exploits 1 · References 2 · Affected Software 1

Microsoft CVE
added 2024/02/19 8:0 a.m. · 3 views

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

...

9.8 CVSS · 6.9 AI score · 0.00652 EPSS
Exploits 1

OSV
added 2024/02/09 12:0 a.m. · 2 views

UBUNTU-CVE-2023-42282

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

9.8 CVSS · 6.8 AI score · 0.00652 EPSS
Exploits 1 · References 5

OSV
added 2024/02/08 5:15 p.m. · 4 views

AZL-34379 CVE-2023-42282 affecting package nodejs for versions less than 16.20.2-3

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...

9.8 CVSS · 6.8 AI score · 0.00652 EPSS
Exploits 1 · References 1

Hive Pro Threat Advisories
added 2023/10/30 4:43 a.m. · 30 views

Redefining the StripedFly Malware Framework

Threat Level Attack Report. Summary: An intricate cross-platform malware framework, known as StripedFly, operated discreetly for five years, surreptitiously compromising over a million Windows and Linux systems. It skillfully evaded in-dept...

7.3 AI score
Exploits 0

OSV
added 2023/09/27 3:18 p.m. · 0 views

CVE-2023-30961

Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link...

6.1 CVSS · 5.8 AI score · 0.00414 EPSS
Exploits 0 · References 1