Lucene search
K

6 matches found

NVD
NVD
added 2026/01/13 7:16 p.m.11 views

CVE-2025-68949

n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison. As a result, an incoming request could be accepted if the source IP address merely contained the configured...

5.3CVSS0.00253EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/04/28 3:43 p.m.2 views

Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR

A flaw was found in the way the Linux kernel derived the IP ID field from a partial kernel space address returned by a nethashmix function. A remote user could observe this IP ID field to extract the kernel address bits used to derive its value, which may result in leaking the hash key and...

7.5CVSS7.2AI score0.03252EPSS
Exploits0References5
OSV
OSV
added 2019/07/05 11:15 p.m.1 views

DEBIAN-CVE-2019-10639

The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure partial kernel address disclosure, leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols e.g....

7.5CVSS7.9AI score0.03252EPSS
Exploits0References1
OSV
OSV
added 2015/07/22 5:4 p.m.3 views

USN-2676-1 nbd vulnerabilities

It was discovered that NBD incorrectly handled IP address matching. A remote attacker could use this issue with an IP address that has a partial match and bypass access restrictions. This issue only affected Ubuntu 12.04 LTS. CVE-2013-6410 Tuomas Räsänen discovered that NBD incorrectly handled...

7.8CVSS5.8AI score0.03675EPSS
Exploits0References4
OSV
OSV
added 2014/09/15 12:26 p.m.5 views

USN-2346-1 curl vulnerabilities

Tim Ruehsen discovered that curl incorrectly handled partial literal IP addresses. This could lead to the disclosure of cookies to the wrong site, and malicious sites being able to set cookies for others. CVE-2014-3613 Tim Ruehsen discovered that curl incorrectly allowed cookies to be set for Top...

5CVSS6.6AI score0.07432EPSS
Exploits0References3
curl security advisories
curl security advisories
added 2014/09/10 8:0 a.m.8 views

cookie leak with IP address as domain

By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application...

5CVSS7.3AI score0.07432EPSS
Exploits0Affected Software2
Rows per page
Query Builder