Lucene search
+L

438 matches found

cnnvd
cnnvd
added 2026/02/08 12:0 a.m.8 views

D-Link DIR-823X 操作系统命令注入漏洞

The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations on the parameters ddnsType, ddnsDomainName, ddnsUserName, and ddnsPwd i...

8.6CVSS7.1AI score0.04317EPSS
Exploits1References6
osv
osv
added 2026/01/30 12:28 p.m.8 views

OESA-2026-1266 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

7.5CVSS5.8AI score0.00564EPSS
Exploits0References3
nvd
nvd
added 2026/01/24 2:15 a.m.17 views

CVE-2026-24401

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the alias and canonica...

6.5CVSS0.00252EPSS
Exploits0References3
nessus
nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : bind-9.8.2-0.37.7.0.1.rc1.AXS4 (AXSA:2016-143:02)

"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-143:02 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...

8.6CVSS7AI score0.621EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/01/15 10:8 p.m.4 views

CVE-2026-0915

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

7.5CVSS5.5AI score0.00564EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/01/07 9:42 a.m.6 views

CVE-1999-0810

Denial of service in Samba NETBIOS name service daemon nmbd...

10CVSS7AI score0.0213EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/07 9:40 a.m.13 views

CVE-1999-0288

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service process termination via invalid UDP frames to port 137 NETBIOS Name Service, as demonstrated via a flood of random packets...

5CVSS6.9AI score0.21326EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/03 2:2 p.m.6 views

CVE-2025-11787

Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...

8.8CVSS7.5AI score0.00916EPSS
Exploits0References1
packetstorm
packetstorm
added 2025/11/27 12:0 a.m.200 views

📄 sudo 1.9.17 Local Privilege Escalation

sudo version 1.9.17 local privilege escalation proof of concept exploit that leverages NSS module loading. ============================================================================================================================================= | Title : sudo 1.9.17 local Privilege Escalation...

9.3CVSS7.6AI score0.47467EPSS
Exploits70
openvas
openvas
added 2025/11/25 12:0 a.m.5 views

mDNS Service Public WAN (Internet) Accessible

The script checks if the target host is exposing a service supporting the Multicast DNS mDNS protocol to a Public WAN Internet. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.9AI score
Exploits0References6
euvd
euvd
added 2025/11/24 1:32 p.m.7 views

EUVD-2025-198796

Malicious code in @ensdomains/ccip-read-dns-gateway npm...

6.6AI score
Exploits0References1
redos
redos
added 2025/11/24 12:0 a.m.5 views

ROS-20251124-07

Vulnerability of WINS name resolution server implementation of Samba networking software package exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted request ...

10CVSS7.7AI score0.40121EPSS
Exploits2
githubexploit
githubexploit
added 2025/11/23 12:28 a.m.186 views

Exploit for CVE-2025-10230

CVE-2025-10230 CVE-2025-102...

10CVSS7.3AI score0.40121EPSS
Exploits2
nessus
nessus
added 2025/11/13 12:0 a.m.9 views

Siemens SIMATIC S7-1500 Stack-based Buffer Overflow (CVE-2024-33599)

nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's nscd fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was...

8.1CVSS7.3AI score0.0131EPSS
Exploits0References4
nessus
nessus
added 2025/11/13 12:0 a.m.3 views

Siemens SIMATIC S7-1500 Use After Free (CVE-2023-4806)

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without implementing the...

5.9CVSS6.5AI score0.01439EPSS
Exploits0References4
nessus
nessus
added 2025/11/13 12:0 a.m.8 views

Siemens SIMATIC S7-1500 Return of Pointer Value Outside of Expected Range (CVE-2024-33602)

nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerabili...

7.4CVSS6.4AI score0.00403EPSS
Exploits0References4
nessus
nessus
added 2025/11/13 12:0 a.m.8 views

Siemens SIMATIC S7-1500 Reachable Assertion (CVE-2024-33601)

nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's nscd netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was...

7.3CVSS6.4AI score0.01075EPSS
Exploits0References4
nvd
nvd
added 2025/11/11 5:15 p.m.5 views

CVE-2025-12942

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86...

7.5CVSS0.0029EPSS
Exploits0References3
debiancve
debiancve
added 2025/11/07 7:42 p.m.8 views

CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS8.7AI score0.40121EPSS
Exploits2
cnnvd
cnnvd
added 2025/11/07 12:0 a.m.6 views

Samba 操作系统命令注入漏洞

Samba is Samba open source a standard Windows interoperability program suite for Linux and Unix. Samba suffers from an operating system command injection vulnerability that stems from a lack of proper validation or escaping of NetBIOS names in front-end WINS hook processing, which could lead to...

10CVSS7.5AI score0.40121EPSS
Exploits2References4
Rows per page
Query Builder