Lucene search
+L

750 matches found

euvd
euvd
added 2026/07/09 2:16 p.m.10 views

EUVD-2026-42597

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References3
osv
osv
added 2026/07/09 1:12 p.m.2 views

SUSE-RU-2026:2815-1 Recommended update for apptainer

This update for apptainer contains the following fixes: Security fixes included on this update: - CVE-2026-2303: go.mongodb.org/mongo-driver: Heap Out-of-Bounds Read in GSSAPI Error Handling bsc1270529. Other fixes: - Enable building of SUID starter for SLES 15 jscPED-16347...

6.9CVSS6.6AI score0.00223EPSS
Exploits0References3
osv
osv
added 2026/07/08 1:16 a.m.6 views

DEBIAN-CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/07/08 12:11 a.m.9 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS5.9AI score0.00179EPSS
Exploits0References3
debiancve
debiancve
added 2026/07/08 12:11 a.m.5 views

CVE-2026-59998

sshd in OpenSSH before 10.4 has an undocumented security-relevant behavior: GSSAPIStrictAcceptorCheck has no value if the server is in Windows Active Directory...

6.5CVSS5.9AI score0.00179EPSS
Exploits0
attackerkb
attackerkb
added 2026/07/07 9:17 a.m.11 views

CVE-2026-11610

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References20Affected Software1
redhatcve
redhatcve
added 2026/07/07 9:17 a.m.8 views

CVE-2026-11610

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS6.1AI score0.00627EPSS
Exploits0References3
nessus
nessus
added 2026/06/30 12:0 a.m.10 views

Apache Tomcat 9.0.0.M1 < 9.0.102

The version of Tomcat installed on the remote host is prior to 9.0.102. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat9.0.102security-9 advisory. - Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to...

7.3CVSS6.1AI score0.00462EPSS
Exploits0References3
snyk
snyk
added 2026/06/29 10:23 p.m.4 views

Missing Critical Step in Authentication

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the JNDIRealm process when configured to authenticate binds using GSSAPI. An attacker can gain unauthorized access by...

9.3CVSS5.8AI score0.00462EPSS
Exploits0References2
osv
osv
added 2026/06/29 9:16 p.m.11 views

DEBIAN-CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References1
osv
osv
added 2026/06/29 9:16 p.m.5 views

UBUNTU-CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References7
cve
cve
added 2026/06/29 8:47 p.m.113 views

CVE-2026-55957

CVE-2026-55957 describes an authentication bypass in Apache Tomcat when JNDIRealm is configured to authenticate binds using GSSAPI, allowing attackers to authenticate without the correct password. Affected releases include Tomcat 11.0.0-M1–11.0.4, 10.1.0-M1–10.1.36, 9.0.0.M1–9.0.100, 8.5.0–8.5.10...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2026/06/29 8:47 p.m.8 views

CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0
osv
osv
added 2026/06/29 8:47 p.m.2 views

CVE-2026-55957 Apache Tomcat: Authentication bypass with JNDIRealm and GSSAPI authenticated bind

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS6AI score0.00462EPSS
Exploits0References4
nessus
nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2455)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...

8.2CVSS7.4AI score0.0218EPSS
Exploits0References7
nessus
nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : openssh (EulerOS-SA-2026-2496)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.CVE-2026-35388 OpenSSH before 10.3 mishandles...

8.2CVSS7.4AI score0.0218EPSS
Exploits0References7
astralinux
astralinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh. The API function sshgethexa is vulnerable to a denial-of-service attack when processing zero-length inputs. This vulnerability can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication, if the...

8.2CVSS6.5AI score0.00582EPSS
Exploits0References3
osv
osv
added 2026/06/24 1:9 p.m.5 views

OESA-2026-2691 mongo-c-driver security update

mongo-c-driver is a project that includes two libraries: libmongoc, a client library written in C for MongoDB. libbson, a library providing useful routines related to building, parsing, and iterating BSON documents. Security Fixes: The MongoDB C Driver's Cyrus SASL integration performs unsafe...

8.6CVSS6.1AI score0.00126EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/23 3:37 a.m.10 views

CVE-2026-55654

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References4
euvd
euvd
added 2026/06/23 3:37 a.m.13 views

EUVD-2026-38414

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00367EPSS
Exploits1References2
Rows per page
Query Builder