Dragonfly

Dragonfly

8 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-59354

  • EPSS 0.02%
  • Published 17.09.2025 19:57:07
  • Last modified 18.09.2025 20:08:13

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with maliciou...

7.5

CVE-2025-59353

Exploit
  • EPSS 0.03%
  • Published 17.09.2025 19:53:36
  • Last modified 18.09.2025 20:08:55

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the ...

9.8

CVE-2025-59352

  • EPSS 0.56%
  • Published 17.09.2025 19:50:38
  • Last modified 18.09.2025 20:09:03

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to re...

3.3

CVE-2025-59349

  • EPSS 0.01%
  • Published 17.09.2025 19:41:03
  • Last modified 18.09.2025 20:17:51

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any per...

7.5

CVE-2025-59348

  • EPSS 0.05%
  • Published 17.09.2025 19:30:22
  • Last modified 18.09.2025 20:18:46

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the processPieceFromSource method does not update the structure’s usedTraffic field, because an uninitialized variable n is used as a guard to the ...

5.3

CVE-2025-59346

  • EPSS 0.04%
  • Published 17.09.2025 19:20:23
  • Last modified 18.09.2025 20:20:38

Dragonfly is an open source P2P-based file distribution and image acceleration system. Versions prior to 2.1.0 contain a server-side request forgery (SSRF) vulnerability that enables users to force DragonFly2’s components to make requests to internal...

9.1

CVE-2025-59345

  • EPSS 0.07%
  • Published 17.09.2025 19:15:47
  • Last modified 08.10.2025 17:23:05

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in Manager web UI are accessible without authentication. Any user with network access to the Manager can c...

4.3

CVE-2005-4351

Exploit
  • EPSS 0.13%
  • Published 31.12.2005 05:00:00
  • Last modified 03.04.2025 01:03:51

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while th...