
7 matches found

RedhatCVE
added 2026/05/26 9:29 p.m. | 12 views

CVE-2026-42012

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to...

CVSS 7.1 | AI score 5.8 | EPSS 0.00354
Exploits: 0 | References: 3

OSV
added 2026/03/26 8:4 p.m. | 5 views

CVE-2026-33644 Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs

Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in PhotoUrlRule.php can be bypassed using DNS rebinding. The IP validation check (lines 86-89) only activates when the hostname is an IP address. When a domain name is used, filter_var($host,...

CVSS 2.3 | AI score 5.9 | EPSS 0.00217
Exploits: 1 | References: 4

SUSE CVE
added 2024/08/29 3:20 a.m. | 2 views

SUSE CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

CVSS 10 | AI score 6.7 | EPSS 0.0056
Exploits: 0 | References: 3

OSV
added 2024/08/27 7:15 p.m. | 4 views

AZL-48342 CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-4

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

CVSS 7.5 | AI score 5.8 | EPSS 0.0056
Exploits: 0 | References: 1

OSV
added 2024/08/27 7:15 p.m. | 7 views

AZL-48368 CVE-2024-5991 affecting package mariadb for versions less than 10.6.9-6

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

CVSS 7.5 | AI score 5.8 | EPSS 0.0056
Exploits: 0 | References: 1

OSV
added 2024/08/27 7:15 p.m. | 1 views

UBUNTU-CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

CVSS 10 | AI score 5.8 | EPSS 0.0056
Exploits: 0 | References: 3

Oracle linux
added 2011/04/08 12:0 a.m. | 46 views

dhcp security update

12:4.1.1-12.P1.4 - Better fix for CVE-2011-0997: making domain-name check more lenient 690578 12:4.1.1-12.P1.3 - dhclient: insufficient sanitization of certain DHCP response values CVE-2011-0997, 690578...

CVSS 7.5 | AI score 1.9 | EPSS 0.84292
Exploits: 6