Lucene search
K

118 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in glibc

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in leaking stack contents to the configured...

7.5CVSS7.1AI score0.00564EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in glibc

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...

5.9CVSS6.6AI score0.01439EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 4:16 a.m.15 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 3:34 a.m.24 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 3:34 a.m.13 views

EUVD-2026-37834

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50619

Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References26
RedHat Linux
RedHat Linux
added 2026/05/26 10:23 a.m.19 views

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.7AI score0.00189EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...

7.4CVSS6.3AI score0.00403EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 2:41 p.m.8 views

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.7AI score0.00189EPSS
Exploits1References5
OSV
OSV
added 2026/05/03 9:57 a.m.17 views

OESA-2026-2171 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:56 a.m.18 views

OESA-2026-2170 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.7 views

CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

7.8CVSS6AI score0.00136EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6AI score0.00136EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-MH5C-XRMH-M794 uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 4:8 p.m.18 views

CVE-2026-35368

CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.11 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.8 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

uutils coreutils 代码问题漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a code vulnerability in uutils coreutils. This vulnerability arises from the use of the --userspec option during chroot operations. After entering chroot, the user specification is resolved,...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References1
Rows per page
Query Builder