Lucene search
K

869 matches found

Cvelist
Cvelist
added 2026/06/29 8:47 p.m.42 views

CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

0.00462EPSS
Exploits0References1
OSV
OSV
added 2026/06/27 5:16 p.m.7 views

MGASA-2026-0233 Updated krb5 packages fix security vulnerabilities

CVE-2025-3576, A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity...

5.9CVSS7.1AI score0.00461EPSS
Exploits2References7
Mageia
Mageia
added 2026/06/27 5:16 p.m.8 views

Updated krb5 packages fix security vulnerabilities

CVE-2025-3576, A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity...

7.5CVSS5.8AI score0.00461EPSS
Exploits2References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauthgss: Avoid NULL dereferencing on a zero-length gsstoken in gssreadproxyverf A zero-length gsstoken results in pageaddress being == 0, and intoken-pages0 being NULL. The code pageaddressintoken-pages0, which can lea...

5.5CVSS6AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:3 a.m.1 views

SUSE-SU-2026:2617-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-5946: Invalid handling of CLASS != IN bsc1265594...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.6 views

Oracle Linux 9 : bind9.18 (ELSA-2026-24368)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24368 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

7.5CVSS5.9AI score0.0181EPSS
Exploits0References3
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References13
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Do not leak netobj memory when gssreadproxyverf fails...

6AI score0.00215EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0158: bind (ALINUX3-SA-2026:0158)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0158 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-3039: BIND servers that are...

7.5CVSS5.6AI score0.0181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : mutt (SUSE-SU-2026:2301-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2301-1 advisory. This update for mutt fixes the following issues - CVE-2026-43859: strfcpy used instead of memcpy for the IMAP...

3.7CVSS5.4AI score0.00201EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

EulerOS Virtualization 2.13.1 : openssh (EulerOS-SA-2026-2382)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorizedkeys principals option in uncommon scenarios involving a principals list in conjuncti...

8.2CVSS7.2AI score0.0218EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.11 views

AlmaLinux 9 : kernel (ALSA-2026:24381)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24381 advisory. kernel: smb: client: fix OOB reads parsing symlink error response CVE-2026-31613 kernel: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31786...

8.1CVSS6.9AI score0.00378EPSS
Exploits4References5
OSV
OSV
added 2026/06/11 6:0 a.m.8 views

RLSA-2026:24339 Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

7.5CVSS5.5AI score0.0181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

RockyLinux 9 : bind9.18 (RLSA-2026:24368)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24368 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

7.5CVSS5.5AI score0.0181EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

RockyLinux 10 : bind (RLSA-2026:24338)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24338 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

7.5CVSS5.5AI score0.0181EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/09 1:12 a.m.10 views

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of...

7.5CVSS5.5AI score0.0046EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2026/06/08 1:54 p.m.8 views

Security update for mutt

This update for mutt fixes the following issues CVE-2026-43859: strfcpy used instead of memcpy for the IMAP authcram MD5 digest bsc1263897. CVE-2026-43860: truncation of hashpasswd by one byte for IMAP authcram MD5 digest bsc1263896. CVE-2026-43861: missing check for \0 in urlpctdecode bsc1263895...

6.9CVSS5.4AI score0.00201EPSS
Exploits0References26
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Important: bind

Issue Overview: Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message, causing denial of service. Both authoritative servers and resolvers are affected. CVE-2026-5946 Affected Packages: bind Note: This...

7.5CVSS5.5AI score0.0181EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...

7.5CVSS5.6AI score0.0181EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

AlmaLinux 10 : bind (ALSA-2026:24338)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24338 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

7.5CVSS5.6AI score0.0181EPSS
Exploits0References4
Rows per page
Query Builder