12 matches found
Net-CIDR-Lite Security Vulnerability
Net-CIDR-Lite is a Perl module for handling CIDR addresses from the individual developers at Stig. A security vulnerability exists in Net-CIDR-Lite versions prior to 0.24 that stems from not properly handling extra zero characters in CIDR mask values, which could lead to IP ACL bypass...
The vulnerability of the Net::CIDR::Lite interpreter for the Perl programming language arises from errors in handling extra null characters at the beginning of an IP address string. This allows a malicious actor to bypass access controls.
The vulnerability of the Net::CIDR::Lite interpreter for the Perl programming language is related to errors in handling extra zero characters at the beginning of an IP address. Exploiting this vulnerability can allow a remote attacker to bypass access controls...
CVE-2021-47155
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
BIT-PYTHON-2021-29921
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...
EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2022-2740)
According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a...
golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
A flaw was found in golang. Extraneous zero characters at the beginning of an IP address octet are not properly considered which could allow an attacker to bypass IP-based access controls. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
Denial Of Service (DoS)
library/std/src/net/parser.rs in Rust is vulnerable to denial of service. It does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses, because of unexpected octa...
Improper access control
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2021-29662
The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which in some situations allows attackers to bypass access control that is based on IP addresses...
CVE-2019-9900
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources...
Tiki Wiki CMS Groupware XSS Vulnerability
Tiki Wiki CMS Groupware is prone to a cross-site scripting (XSS) vulnerability.
CVE-2017-9305
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batchsendnewsletter.php...