210 matches found

Cvelist
added 3 days ago, 29 views

CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without providing the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

EPSS 0.00252
Exploits 0 | References 1

OSV
added 2026/06/24 9:3 a.m., 1 view

SUSE-SU-2026:2617-1 Security update for bind

This update for bind fixes the following issues: - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592). - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591). - CVE-2026-5946: Invalid handling of CLASS != IN (bsc#1265594)...

CVSS 7.5 | AI score 5.8 | EPSS 0.0181
Exploits 0 | References 7

Tenable Nessus
added 2026/06/24 12:0 a.m., 4 views

Oracle Linux 9 : bind9.18 (ELSA-2026-24368)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-24368 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 7.5 | AI score 5.9 | EPSS 0.0181
Exploits 0 | References 3

OSV
added 2026/06/20 6:53 a.m., 2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues. Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (bsc#1265591). - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records (bsc#1265592). - CVE-2026-3593: Heap use-after-free...

CVSS 9.8 | AI score 5.8 | EPSS 0.01844
Exploits 1 | References 13

Tenable Nessus
added 2026/06/16 12:0 a.m., 9 views

Alibaba Cloud Linux 3 : 0158: bind (ALINUX3-SA-2026:0158)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0158 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-3039: BIND servers that are...

CVSS 7.5 | AI score 5.6 | EPSS 0.0181
Exploits 0 | References 3

Tenable Nessus
added 2026/06/12 12:0 a.m., 9 views

EulerOS Virtualization 2.13.1 : openssh (EulerOS-SA-2026-2382)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjuncti...

CVSS 8.2 | AI score 7.2 | EPSS 0.0218
Exploits 0 | References 7

OSV
added 2026/06/11 6:0 a.m., 8 views

RLSA-2026:24339 Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 7.5 | AI score 5.5 | EPSS 0.0181
Exploits 0 | References 3

Tenable Nessus
added 2026/06/11 12:0 a.m., 9 views

RockyLinux 9 : bind9.18 (RLSA-2026:24368)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24368 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

CVSS 7.5 | AI score 5.5 | EPSS 0.0181
Exploits 0 | References 5

Tenable Nessus
added 2026/06/11 12:0 a.m., 11 views

RockyLinux 10 : bind (RLSA-2026:24338)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:24338 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

CVSS 7.5 | AI score 5.5 | EPSS 0.0181
Exploits 0 | References 5

Amazon
added 2026/06/08 12:0 a.m., 10 views

Important: bind

Issue Overview: Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message, causing denial of service. Both authoritative servers and resolvers are affected. CVE-2026-5946 Affected Packages: bind Note: This...

CVSS 7.5 | AI score 5.5 | EPSS 0.0181
Exploits 0

Tenable Nessus
added 2026/06/08 12:0 a.m., 9 views

RHEL 9 : bind (RHSA-2026:24367)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24367 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server named...

CVSS 7.5 | AI score 5.6 | EPSS 0.0181
Exploits 0 | References 6

Tenable Nessus
added 2026/06/08 12:0 a.m., 14 views

Amazon Linux 2 : bind, --advisory ALAS2-2026-3321 (ALAS-2026-3321)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3321 advisory. Fix GSS-API resource leak CVE-2026-3039 An unauthenticated remote attacker can crash any affected named instance with a...

CVSS 7.5 | AI score 5.6 | EPSS 0.0181
Exploits 0 | References 6

Tenable Nessus
added 2026/06/08 12:0 a.m., 8 views

AlmaLinux 10 : bind (ALSA-2026:24338)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:24338 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

CVSS 7.5 | AI score 5.6 | EPSS 0.0181
Exploits 0 | References 4

Tenable Nessus
added 2026/06/06 12:0 a.m., 7 views

RockyLinux 8 : bind9.16 (RLSA-2026:23360)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:23360 advisory. bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 bind: BIND: Denial of Service via specially crafted DNS messages...

CVSS 7.5 | AI score 5.6 | EPSS 0.0181
Exploits 0 | References 5

Tenable Nessus
added 2026/06/05 12:0 a.m., 11 views

Oracle Linux 8 : bind9.16 (ELSA-2026-23360)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-23360 advisory. - Fix GSS-API resource leak CVE-2026-3039 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS 7.5 | AI score 5.6 | EPSS 0.0181
Exploits 0 | References 3

RedHat Linux
added 2026/06/04 3:27 p.m., 11 views

Important: Red Hat Security Advisory: bind9.16 security update

An update for bind9.16 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.5 | AI score 5.8 | EPSS 0.0181
Exploits 0 | References 3

AlmaLinux
added 2026/06/04 12:0 a.m., 7 views

Important: bind9.16 security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 7.5 | AI score 5.5 | EPSS 0.0181
Exploits 0 | References 6

Oracle linux
added 2026/06/04 12:0 a.m., 11 views

bind9.16 security update

32:9.16.23-0.22.6 - Fix GSS-API resource leak CVE-2026-3039 - Invalid handling of CLASS != IN CVE-2026-5946...

CVSS 7.5 | AI score 5.8 | EPSS 0.0181
Exploits 0

NVD
added 2026/05/27 2:17 p.m., 10 views

CVE-2026-45964

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in auth_gss.c" added a kref_get(&gss_auth->kref) call to balance the gss_put_auth done in gss_release_msg, but forgot to add a...

CVSS 5.5 | EPSS 0.0016
Exploits 0 | References 8

UbuntuCve
added 2026/05/27 12:0 a.m., 8 views

CVE-2026-45964

SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path...

AI score 5.8 | EPSS 0.0016
Exploits 0 | References 2