Lucene search
K

399 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: Properly handles tunneled traffic when using GSO fallback for IPV6CSUM. NETIFFIPV6CSUM only indicates support for packet checksum offloading without IPv6 extension headers. Packets with extension headers must rely on...

7.5CVSS5.7AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 4:18 p.m.8 views

OPENSUSE-SU-2026:20773-1 Security update for perl-Net-CIDR

This update for perl-Net-CIDR fixes the following issues: Changes in perl-Net-CIDR: - updated to 0.270.0 0.27 0.27 Sam Varshavchik cidrvalidate bug fix. - updated to 0.260.0 0.26 0.26 Sam Varshavchik cidrvalidate should accept IPv6 addresses with one uncompressed 0. - updated to 0.250.0 0.25 0.25...

6.5CVSS5.8AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 12:0 a.m.24 views

ALSA-2026:19031 Important: skopeo security update

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.13 views

PT-2026-41393

Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.4.17 Better Auth versions prior to 1.5.0-beta.9 Description The HTTP rate limiter in Better Auth identifies requests based on the exact textual IP address found in the x-forwarded-for header or other configured...

7.3CVSS5.8AI score0.00295EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.26 views

PT-2026-41185

Name of the Vulnerable Software and Affected Versions CodeWhale versions prior to 0.8.26 Description Server-Side Request Forgery SSRF occurs when the application fails to properly validate IPv6 addresses provided directly in a URL, such as http://::1. While the system validates hostnames that...

7.4CVSS5.8AI score0.00239EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/13 9:32 p.m.10 views

EUVD-2026-30142

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:28 p.m.7 views

CVE-2026-33376

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:28 p.m.8 views

CVE-2026-44232

DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.0.3, every IPv6 category bypasses isurlsafe. This vulnerability is fixed in 1.0.3...

8.7CVSS5.2AI score0.00349EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/09 2:39 a.m.15 views

SUSE CVE-2026-43441

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...

5.9CVSS5.8AI score0.00479EPSS
Exploits0References17
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28613

In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IPv6 is: ethernet mangling 4 payload actions, 2 for each ethernet address SNAT 4 payload actions DNAT ...

5.8AI score0.00141EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/08 2:22 p.m.8 views

CVE-2026-43441

In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...

7.5CVSS5.7AI score0.00479EPSS
Exploits0
NVD
NVD
added 2026/05/08 2:16 p.m.22 views

CVE-2026-43339

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

7.8CVSS0.00121EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too...

7.8CVSS6.6AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

n8n-MCP 代码问题漏洞

n8n-MCP is a model context protocol server developed by Romuald Członkowski, an individual developer. There are code vulnerabilities in versions 2.47.4 to 2.47.13 of n8n-MCP. These vulnerabilities stem from the fact that the SSRFRProtection.validateUrlSync URL verifier does not check IPv6...

8.5CVSS5.9AI score0.00206EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/06 6:13 p.m.10 views

NPM: dssrf: every IPv6 category bypasses is_url_safe

NPM: dssrf: every IPv6 category bypasses isurlsafe vulnerability discovered by ? in WordPress Npm dssrf versions 1.3.0...

8.7CVSS5.8AI score0.00349EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/05 9:23 a.m.14 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.3AI score0.0052EPSS
Exploits0References8
AlmaLinux
AlmaLinux
added 2026/05/05 12:0 a.m.16 views

Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS5.8AI score0.0052EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/01 6:0 p.m.5 views

CVE-2026-43038

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.7 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ip6errgenicmpv6unreach function failing to clear the cb array of skb2, which results in the IPv4 cb...

9.8CVSS5.8AI score0.00255EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/29 12:41 p.m.6 views

ovn: ovn: Heap Over-Read in ICMP Error Response Generation

When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total length iptotlen for IPv4, ip6plen for IPv6 without validating it against the actual packet buffer size...

6.5CVSS5.5AI score0.00629EPSS
Exploits0References4
Rows per page
Query Builder