Lucene search
K

869 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43831

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A kref leak exists in the SUNRPC component. In the gss alloc msg function, a kref get&gss auth-kref call was implemented to balance the gss put auth operation performed in gss release ms...

5.5CVSS5.7AI score0.0016EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.16 views

TencentOS Server 3: krb5 (TSSA-2026:0386)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0386 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS5.9AI score0.00461EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak CVE-2026-3039 Limit resolver server list size CVE-2026-3592 An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...

7.5CVSS5.9AI score0.0181EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.13 views

Alibaba Cloud Linux 3 : 0118: krb5 (ALINUX3-SA-2026:0118)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0118 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-40355: A flaw was found in MIT...

7.5CVSS5.8AI score0.00461EPSS
Exploits2References3
OSV
OSV
added 2026/05/22 2:59 p.m.8 views

CLSA-2026-1779461988 krb5: Fix of 3 CVEs

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...

9.1CVSS6AI score0.14859EPSS
Exploits2References1
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.8 views

SUSE CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 8:39 p.m.6 views

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

8.8CVSS6.3AI score0.00668EPSS
Exploits0References12
OSV
OSV
added 2026/05/21 7:11 p.m.8 views

USN-8293-1 bind9 vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

9.8CVSS6AI score0.01844EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2026/05/21 7:11 p.m.13 views

USN-8293-1: Bind vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

9.8CVSS6AI score0.01844EPSS
Exploits1
NVD
NVD
added 2026/05/21 10:16 a.m.13 views

CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

7.5CVSS0.00264EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/21 9:27 a.m.17 views

CVE-2026-42002

Concurrency and locking defects in GSS-TSIG...

7.5CVSS5.8AI score0.00264EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/21 9:27 a.m.10 views

CVE-2026-42002 Concurrency and locking defects in GSS-TSIG

Concurrency and locking defects in GSS-TSIG...

5.9CVSS5.8AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:27 a.m.38 views

CVE-2026-42002

CVE-2026-42002 relates to PowerDNS Authoritative (pdns) and is caused by concurrency and locking defects in GSS-TSIG. The Debian advisory notes these issues could lead to denial of service or information disclosure, and recommends upgrading to pdns 4.9.15-0+deb13u1. Connected sources also referen...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/21 9:27 a.m.43 views

CVE-2026-42002 Concurrency and locking defects in GSS-TSIG

Concurrency and locking defects in GSS-TSIG...

5.9CVSS0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

PowerDNS Authoritative 安全漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has security vulnerabilities, which stem from concurrency and locking flaws in GSS-TSIG...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/20 1:9 p.m.14 views

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/05/20 1:9 p.m.14 views

CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in bind9

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of the Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and...

9.8CVSS7.6AI score0.83406EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fixed the loop termination condition in gssfreeintokenpages. The intoken-pages array is not NULL-terminated. This results in the following KASAN issue: KASAN: Potential wild-memory-access in the range...

5.5CVSS6.3AI score0.00269EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/05/20 12:0 a.m.14 views

PowerDNS -- Multiple vulnerabilities

PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor When using views, queries sent using TCP Proxy Protocol will select the view according to the address of the proxy, rather than the address of the initial query. This can lead to...

8.6CVSS5.9AI score0.00365EPSS
Exploits0References1
Rows per page
Query Builder