214 matches found
Netmask NPM Package - Server-Side Request Forgery
Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the...
PT-2026-43273
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A stack-based buffer overflow exists in the BGP NLRI Network Layer Reachability Information decoder. The function decode bgp subnet encoding ipv4 raw in src/bgp protocol.cpp rea...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: A overflow issue was addressed in the bitmapipcreate function. When firstip is 0, lastip is 0xFFFFFFFF, and the netmask is 31, the value of an arithmetic expression 2 netmask - maskbits - 1 is susceptible to...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arp: Overflow has been prevented in arpreqget. Syzkaller reported an overflow during the write operation in arpreqget. 0 When the ioctlSIOCGARP function is called, arpreqget retrieves a neighbor entry and copies neigh-ha to struc...
Astra Linux - уязвимость в libnet-netmask-perl
The Net::Netmask module in versions prior to 2.0000 for Perl does not properly handle extra zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls that are based on IP addresses...
CVE-2026-33376 Auth Proxy IPv6 whitelist bypass
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25408 Comodo Dome Firewall 2.7.0 Reflected Cross-Site Scripting via netwizard2
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
CVE-2019-25408
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmaskaddr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmaskaddr...
Comodo Dome Firewall 跨站脚本漏洞
Comodo Dome Firewall is a unified threat management and next-generation firewall provided by the Chinese company Comodo. Version 2.7.0 of Comodo Dome Firewall contains a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the netmaskaddr parameter in the...
PT-2026-20811
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask addr...
CVE-2019-25390 Smoothwall Express 3.1 'interfaces.cgi' Cross-Site Scripting
Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple reflected cross-site scripting vulnerabilities in the interfaces.cgi script that allow attackers to inject malicious scripts through multiple parameters including GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE...
CVE-2026-2157
A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub4175CC of the file /goform/setstaticroutetable. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection. The attack may be performed from remote. The...
MiracleLinux 3 : sudo-1.7.2p1-14.AXS3 (AXSA:2012-690:02)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-690:02 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...
MiracleLinux 4 : sudo-1.7.4p5-12.AXS4 (AXSA:2012-755:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-755:02 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...
CVE-2024-39762
Multiple OS command injection vulnerabilities exist in the internet.cgi setaddrouting functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A...
CVE-2025-15046
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...
CVE-2025-15046 Tenda WH450 HTTP Request PPTPClient stack-based overflow
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...
CVE-2025-15046 Tenda WH450 HTTP Request PPTPClient stack-based overflow
A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. Th...