Dragonfly

Dragonfly

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-59354

  • EPSS 0.02%
  • Veröffentlicht 17.09.2025 19:57:07
  • Zuletzt bearbeitet 18.09.2025 20:08:13

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with maliciou...

7.5

CVE-2025-59353

Exploit
  • EPSS 0.03%
  • Veröffentlicht 17.09.2025 19:53:36
  • Zuletzt bearbeitet 18.09.2025 20:08:55

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the ...

9.8

CVE-2025-59352

  • EPSS 0.56%
  • Veröffentlicht 17.09.2025 19:50:38
  • Zuletzt bearbeitet 18.09.2025 20:09:03

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to re...

3.3

CVE-2025-59349

  • EPSS 0.01%
  • Veröffentlicht 17.09.2025 19:41:03
  • Zuletzt bearbeitet 18.09.2025 20:17:51

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any per...

7.5

CVE-2025-59348

  • EPSS 0.05%
  • Veröffentlicht 17.09.2025 19:30:22
  • Zuletzt bearbeitet 18.09.2025 20:18:46

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the ...

5.3

CVE-2025-59346

  • EPSS 0.04%
  • Veröffentlicht 17.09.2025 19:20:23
  • Zuletzt bearbeitet 18.09.2025 20:20:38

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make requests to internal...

2.7

CVE-2025-59345

  • EPSS 0.07%
  • Veröffentlicht 17.09.2025 19:15:47
  • Zuletzt bearbeitet 18.09.2025 13:43:34

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can c...

4.3

CVE-2005-4351

Exploit
  • EPSS 0.13%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while th...