16 matches found
EUVD-2006-1529
Malware in sbrugna...
EUVD-2025-22416
Malicious code in bioql PyPI...
CVE-2025-8267
CVE-2025-8267 affects the Python/JS package ssrfcheck prior to 1.2.0, with an incomplete IP denylist failing to classify 224.0.0.0/4 (Multicast) as invalid. This enables SSRF against multicast addresses via crafted requests. Public references from Red Hat, HTC OSV, GHSA, NVD, and PT-2025-31048 co...
CVE-2025-8020
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...
private-ip vulnerable to Server-Side Request Forgery
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF), where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...
CVE-2025-8020
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...
CVE-2025-8020
CVE-2025-8020 affects the private-ip package. All versions are reported vulnerable to Server-Side Request Forgery (SSRF) by accepting an IP/hostname that resolves to a multicast address (224.0.0.0/4), which is not excluded by the package’s private IP range checks. Multiple sources (RH, NVD, GitHu...
CVE-2025-8020
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...
CVE-2025-8020
All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP address 224.0.0.0/4 which is not included as part of the private IP ranges in the package's source code...
Hirschmann HiOS Switches Argument Injection or Modification (CVE-2019-12264)
An attacker residing on the LAN may choose to hijack a DHCP-client session that requests an IPv4 address. The attacker can send a multicast IP-address in the DHCP offer/ack message, which the victim system then incorrectly assigns. This vulnerability can be combined with CVE-2019-12259 to create ...
Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)
In bug 50537, haquaman reported an SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...
Design/Logic Flaw
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference...
CVE-2006-1525
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference...
CVE-2006-1525
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference...
ChangeLog-2.6.16.8
commit aa48603d1ba772d0a2b28ab73098be2119878eba Author: Greg Kroah-Hartman [email protected] Date: Tue Apr 18 14:32:07 2006 -0700 Linux 2.6.16.8 commit a0b277b4fdcbc24c26af7c5d019e9448a51c79cf Author: Stephen Hemminger [email protected] Date: Mon Apr 17 17:27:11 2006 -0700 [PATCH] ip_route_input panic...
MS Windows 2000 RSVP Server Authority Hijacking PoC Exploit
No description provided by source. // Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking // // A problem has been identified in the RSVP Server for Microsoft Windows 2000 that // may allow an attacker to hijack management of the network. This could allow an // attacke...