Lucene search
K

3409 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.14 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.12 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.14 views

CC-Tweaked has an SSRF Protection Bypass with NAT64

CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can reach an...

5.9AI score0.00054EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 11:40 a.m.7 views

SUSE-SU-2026:21860-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2024-14027: xattr: switch to CLASSfd bsc1259420. - CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when...

9.8CVSS6.6AI score0.0138EPSS
Exploits19References455
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.29 views

CVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacks

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

0.00128EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/28 9:36 a.m.13 views

EUVD-2026-32820

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.8AI score0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 9:16 p.m.19 views

CVE-2026-47269

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:11 p.m.44 views

CVE-2026-47269 pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 8:11 p.m.13 views

EUVD-2026-32656

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

7.4CVSS5.9AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 8:11 p.m.24 views

CVE-2026-47269

CVE-2026-47269 affects pam_usb on Linux. The deny_remote feature checks utmpx ut_addr_v6[0] to identify remote sessions, but IPv4-mapped IPv6 addresses cause the check to fail (ut_addr_v6[0] == 0, while the IPv4 address is in ut_addr_v6[3]), so remote SSH connections can be treated as local. As a...

7.4CVSS5.9AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 12:56 p.m.29 views

CVE-2026-46037

The CVE-2026-46037 issue affects the Linux kernel IPv4 ICMP component. Extended echo replies could use ICMP_EXT_ECHOREPLY outside the icmp_pointers[] range; the fix avoids icmp_pointers[] lookups for out-of-range types and uses array_index_nospec() for in-range lookups. Multiple OS feeds report p...

8.2CVSS5.7AI score0.00433EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 12:28 p.m.10 views

CVE-2026-45844

A flaw was found in the Linux kernel's netfilter ARP Address Resolution Protocol tables. When processing IPv4-over-IEEE1394 ARP packets on IEEE1394 interfaces, the kernel incorrectly parses the ARP payload. This can lead to incorrect filtering decisions by arptables, where packets that should be...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.9 views

CVE-2026-46037

ipv4: icmp: validate reply type before using icmppointers...

8.2CVSS5.8AI score0.00433EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 4:16 p.m.7 views

DEBIAN-CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.4AI score0.00565EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 4:16 p.m.7 views

UBUNTU-CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.4AI score0.00565EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/26 12:0 a.m.14 views

EUVD-2026-31842

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.4AI score0.00565EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.9 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

6.4AI score0.00565EPSS
Exploits0References3
CVE
CVE
added 2026/05/26 12:0 a.m.19 views

CVE-2026-48686

CVE-2026-48686 affects FastNetMon Community Edition up to version 1.2.9. The vulnerability is a stack-based buffer overflow in the BGP NLRI decoder: decode_bgp_subnet_encoding_ipv4_raw() reads prefix_bit_length from the BGP packet without enforcing an upper bound (

9.8CVSS6.4AI score0.00565EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.35 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

0.00565EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/26 12:0 a.m.10 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS6.4AI score0.00565EPSS
Exploits0
Rows per page
Query Builder