87 matches found
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
CVE-2024-28607
CVE-2024-28607 affects the ip-utils package for Node.js up to version 2.4.0. The root cause is a faulty isPrivate check that can misclassify certain IPs (e.g., 0x7f.1) as globally routable, enabling SSRF. Documented impacts are SSRF risk; no explicit remediation or patch/version guidance is prese...
CVE-2024-28607
The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...
Linux Distros Unpatched Vulnerability : CVE-2022-0718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote in them cause incorrect masking in debug logs, causing any part of...
MAL-2025-477 Malicious code in godaddy-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6e3e78c314bba5e60254ba13cbb65a58a2d4c0f88a9ea6a5b62cde08027bd2bb The OpenSSF Package Analysis project identified 'godaddy-utils' @ 999.9.9 npm as malicious. It is considered malicious because: - The package...
Malicious code in action-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31baa3db4424164fa3d7884ba12d4c44fdfe3bc4db9eb835121b5adbeb9485db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in biip-utils (PyPI)
--- -= Per source details. Do not edit below this line.=-...
RHEL 6 : xdg-utils (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - xdg-utils: local file inclusion vulnerability CVE-2020-27748 - xdg-utils: improper parse of mailto URIs...
Exploit for Embedded Malicious Code in Tukaani Xz
CVE-2024-3094-Checker The repository consists of a checker fil...
CVE-2024-21505
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting...
CVE-2023-0634
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2023-0634
An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command...
Mageia: Security Advisory (MGASA-2022-0455)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-VFV3-9W6V-23JP vulnerabilities
Vulnerabilities for packages: efs-utils...
Malicious code in rmesse-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 95598c9e21fb55331bec7e3e8ec91ebf7174c5036d14918247fdc377c2aff6ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in f0-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d0bc80ffed72bd61fae6dc05340437a775bd61cb786636c3fdc8ba346429cc9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MGASA-2022-0170 Updated cifs-utils packages fix security vulnerability
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-27239 cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = equal sign...
Fedora: Security Advisory for cifs-utils (FEDORA-2022-34de4f833d)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2012:1529-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : cifs-utils (EulerOS-SA-2021-1284)
According to the version of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary...