Lucene search
K

438 matches found

CVE
CVE
added 2026/04/24 7:19 p.m.49 views

CVE-2026-41429

CVE-2026-41429 affects the arduino-esp32 core (ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C6/ESP32-H2). The issue is a memory corruption in NBNS packet handling when NetBIOS is enabled via NBNS.begin(...); the code path listens on UDP port 137 and processes untrusted NBNS requests. The request parser...

8.8CVSS5.6AI score0.00307EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.11 views

arduino-esp32 安全漏洞

Arduino-ESP32 is an open-source project by Espressif, designed for use with the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6, and ESP32-H2 boards. Versions of Arduino-ESP32 prior to 3.3.8 contained a security vulnerability. This vulnerability stemmed from a remote exploitable memory corruption...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-25016

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-MH5C-XRMH-M794 uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6AI score0.00136EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.12 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.8 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
CVE
CVE
added 2026/04/22 4:8 p.m.21 views

CVE-2026-35368

CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-35368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam afte...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34504

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chroot utility occurs when the --userspec option is used. The utility calls the getPwnam function to resolve user specifications after entering the chroot environment b...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

uutils coreutils 代码问题漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a code vulnerability in uutils coreutils. This vulnerability arises from the use of the --userspec option during chroot operations. After entering chroot, the user specification is resolved,...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/20 9:16 p.m.7 views

CVE-2026-5358

Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold...

5.7AI score0.0004EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 6:44 a.m.3 views

SUSE-SU-2026:21019-1 Security update for glibc

This update for glibc fixes the following issues: Security fixes: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response bsc1260078. - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions bsc1260082. Other fixes: - nss: Missing checks in...

7.5CVSS5.8AI score0.00292EPSS
Exploits2References6
OSV
OSV
added 2026/04/10 6:44 a.m.9 views

SUSE-SU-2026:21164-1 Security update for glibc

This update for glibc fixes the following issues: Security fixes: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response bsc1260078. - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions bsc1260082. Other fixes: - nss: Missing checks in...

7.5CVSS5.8AI score0.00292EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/04/09 2:13 p.m.2 views

glibc: nscd client crash on x86_64 under high nscd load

A flaw was found in glibc. When calling NSS-backed functions that support caching via nscd, the nscd client under high load on x8664 systems may call the memcmp function on inputs that are concurrently modified by other processes or threads, causing a crash and resulting in a denial of service...

6.2CVSS6.1AI score0.00146EPSS
Exploits1References8
SUSE CVE
SUSE CVE
added 2026/04/08 11:24 p.m.11 views

SUSE CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

6.2CVSS5.8AI score0.00383EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.5 views

CVE-2026-34397

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

7CVSS5.8AI score0.00158EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/04/02 5:39 p.m.16 views

curl: Data race in Curl_dnscache_add_negative() corrupts shared DNS cache — heap corruption and double-free when using CURLOPT_SHARE with CURL_LOCK_DATA_DNS

Data race in Curldnscacheaddnegative corrupts shared DNS cache — heap corruption and double-free when using CURLOPTSHARE with CURLLOCKDATADNS Severity: Medium CVSS 3.1: 6.5 — AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H --- Summary Curldnscacheaddnegative in lib/dnscache.c modifies the shared DNS cache ha...

6.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/01 5:25 p.m.4 views

CVE-2026-34397 himmelblau: NSS fake-primary group lookup reintroduces name collision risk

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS5.8AI score0.00158EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/01 5:25 p.m.21 views

CVE-2026-34397 himmelblau: NSS fake-primary group lookup reintroduces name collision risk

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose...

6.3CVSS0.00158EPSS
Exploits1References3
Rows per page
Query Builder