Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2025/09/26 11:23 p.m.4 views

SUSE CVE-2025-59410

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...

3.7CVSS7AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2025/09/24 7:21 p.m.5 views

GO-2025-3974 DragonFly's tiny file download uses hard coded HTTP protocol in d7y.io/dragonfly

DragonFly's tiny file download uses hard coded HTTP protocol in d7y.io/dragonfly...

6.9CVSS7AI score0.0013EPSS
Exploits0References3
OSV
OSV
added 2025/09/17 8:23 p.m.14 views

GHSA-MCVP-RPGG-9273 DragonFly's tiny file download uses hard coded HTTP protocol

Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...

6.9CVSS7AI score0.0013EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/09/17 8:23 p.m.7 views

DragonFly's tiny file download uses hard coded HTTP protocol

Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...

6.9CVSS7AI score0.0013EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2025/09/17 8:15 p.m.7 views

CVE-2025-59410

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...

6.9CVSS0.0013EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/17 7:58 p.m.8 views

CVE-2025-59410 Dragonfly tiny file download uses hard coded HTTP protocol

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing th...

6.9CVSS0.0013EPSS
Exploits0References2
Rows per page
Query Builder