Lucene search
+L

48 matches found

RedHat Linux
RedHat Linux
added 2026/06/08 10:49 a.m.15 views

Important: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

10CVSS5.7AI score0.01272EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/30 2:8 a.m.23 views

SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

8.6CVSS6.5AI score0.01272EPSS
Exploits0References11
Amazon
Amazon
added 2026/05/26 12:0 a.m.19 views

Important: unbound

Issue Overview: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary c...

10CVSS6.6AI score0.01272EPSS
Exploits0
OSV
OSV
added 2026/05/23 11:2 a.m.8 views

CLSA-2026-1779534149 unbound: Fix of CVE-2026-33278

CVE-2026-33278: use-after-free in DNSSEC validator dnsmsgdeepcopyregion during NSEC3 sub-query suspend/resume; buggy struct-assignment overwrote the destination's freshly-allocated rrsets pointer with the source's pointer, leaving a dangling pointer dereferenced after the source region was freed...

10CVSS6.4AI score0.01272EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 10:16 a.m.4 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

9.8CVSS6.8AI score0.01272EPSS
Exploits0References7
NVD
NVD
added 2026/05/20 10:16 a.m.18 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS0.01272EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/20 9:18 a.m.11 views

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 9:18 a.m.13 views

EUVD-2026-31075

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 9:18 a.m.51 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1–1.25.0 contains a vulnerability in the DNSSEC validator: during NSEC3-budget–driven validation suspensions, Unbound deep-copies response messages and a struct-assignment overwrites the destination pointer with the source pointer. After freeing the sub-query region, the v...

10CVSS6.5AI score0.01272EPSS
Exploits0References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/20 9:18 a.m.12 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/20 9:18 a.m.55 views

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS0.01272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.26 views

PT-2026-42125

Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...

10CVSS6.3AI score0.01272EPSS
Exploits0References83
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.18 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 3:16 p.m.8 views

CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

8.1CVSS0.00217EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 2:21 p.m.24 views

CVE-2026-43362

CVE-2026-43362 affects the Linux kernel SMB client by an in-place encryption flaw in SMB2_write(), where the write payload could be replaced with ciphertext during retries on unstable connections. The root cause is that smb3_init_transform_rq() shares rq_iov, causing crypt_message() to in-place-e...

8.1CVSS5.8AI score0.00217EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.8 views

CVE-2026-43362

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

5.8AI score0.00217EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/08 2:21 p.m.36 views

CVE-2026-43362 smb: client: fix in-place encryption corruption in SMB2_write()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

8.1CVSS0.00217EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 2:21 p.m.3 views

CVE-2026-43362 smb: client: fix in-place encryption corruption in SMB2_write()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2write SMB2write places write payload in iov1..n as part of rqiov. smb3inittransformrq pointer-shares rqiov, so cryptmessage encrypts iov1 in-place, replacing the original...

8.1CVSS6.2AI score0.00217EPSS
Exploits0References8
Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.104 views

Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap

Exploit Title: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap Date: 2026-02-23 Exploit Author: nu11secur1ty Vendor Homepage: https://www.google.com/chrome/ Software Link: https://www.google.com/chrome/ Version: Chrome = 144.x | Chrome 145.0.7632.75 Tested on: Windows 11 / Linux / macOS CVE...

8.8CVSS5.8AI score0.2202EPSS
Exploits12
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.4 views

CVE-2026-32878

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.20 and 8.6.44, an attacker can bypass the default request keyword denylist protection and the class-level permission for adding fields by sending a crafted request that...

7.5CVSS5.8AI score0.00345EPSS
Exploits0References1
Rows per page
Query Builder