Lucene search
K

127 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in RustC

The library/std/src/net/parser.rs file in Rust before version 1.53.0 does not properly handle zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls based on IP addresses due to incorrect octal interpretation of those zero characte...

9.1CVSS8.2AI score0.02623EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Python-Django

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address did not prohibit leading zero characters in octal literals. This may allow bypassing access control based on IP addresses. validateipv4address and validateipv46address...

7.5CVSS7.2AI score0.03058EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.8 views

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

7.5CVSS6AI score0.00362EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.19 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), a vulnerability can crash the connection instance when malformed DNS PTR data is present. The issue arises from a dn_expand octal printing oddity in the handling of PTR records, as described in multiple sources. Affected software/comp...

7.5CVSS5.2AI score0.00362EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.5 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

5.9CVSS5.8AI score0.00362EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.7 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

6.1CVSS5.2AI score0.00362EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26442

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

6.1CVSS5.2AI score0.00362EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.10 views

PT-2026-36195

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.99.2 Description On systems using musl libc instead of glibc, an attacker can crash the connection instance by providing malformed DNS data in PTR records. This issue stems from an oddity in octal printing within the d...

7.5CVSS5.8AI score0.00362EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.61 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

5.9CVSS0.00362EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/04/30 12:0 a.m.6 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

7.5CVSS5.8AI score0.00362EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/22 7:34 a.m.4 views

CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions

A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions 0777 instead of 0700 for the /.local directory. This allows the attacker to inject a malicious .desktop launcher, which could lead to unintended actions or...

2.5CVSS5.7AI score0.00085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/14 7:22 p.m.6 views

CVE-2026-33534

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3CVSS6.5AI score0.01978EPSS
Exploits5References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 7:20 p.m.1 views

CVE-2026-33534

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

6.5CVSS5.8AI score0.01978EPSS
Exploits5References3Affected Software1
EUVD
EUVD
added 2026/04/13 7:20 p.m.8 views

EUVD-2026-22079

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

6.5CVSS5.8AI score0.01978EPSS
Exploits5References2
Cvelist
Cvelist
added 2026/04/13 7:20 p.m.25 views

CVE-2026-33534 EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery SSRF vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation e.g.,...

4.3CVSS0.01978EPSS
Exploits5References2
Exploit DB
Exploit DB
added 2026/04/06 12:0 a.m.126 views

is-localhost-ip 2.0.0 - SSRF

Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...

6.9CVSS5.9AI score0.00357EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.4 views

Fedora 42 : perl-Net-CIDR (2026-baf8782c7a)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-baf8782c7a advisory. Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlook...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 1:16 a.m.11 views

CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...

6.5CVSS0.00322EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 1:16 a.m.6 views

CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...

6.5CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 12:16 a.m.4 views

CVE-2021-4456

Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The functions addr2cidr and cidrlookup may return leading zeros in a CIDR string, which may in turn be parsed as octal numbers by subsequent users. In some cases an attacker ma...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References4
Rows per page
Query Builder