CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в glibc

A flaw has been identified in glibc. In a rare situation, the gaihinet function may use memory that has already been freed, leading to an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

5.9CVSS6.6AI score0.01669EPSS

Exploits0References2

RedHat Linux•added 2026/05/19 2:41 p.m.•7 views

glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

A flaw was found in glibc the GNU C Library. When an application uses the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS Domain Name System response. This crafted response can caus...

7.5CVSS5.8AI score0.00292EPSS

Exploits1References5

RedhatCVE•added 2026/03/23 7:3 a.m.•2 views

CVE-2026-4438

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.6AI score0.00189EPSS

Exploits1References4

RedhatCVE•added 2026/03/23 7:3 a.m.•3 views

CVE-2026-4437

7.5CVSS5.6AI score0.00292EPSS

Exploits1References4

EUVD•added 2026/03/20 9:31 p.m.•4 views

EUVD-2026-13796

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

5.8AI score0.00292EPSS

Exploits1References2

EUVD•added 2026/03/20 9:31 p.m.•4 views

EUVD-2026-13798

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.8AI score0.00189EPSS

Exploits1References2

ATTACKERKB•added 2026/03/20 7:59 p.m.•10 views

CVE-2026-4438

5.8AI score0.00189EPSS

Exploits1References2Affected Software1

ATTACKERKB•added 2026/03/20 7:59 p.m.•9 views

CVE-2026-4437

5.8AI score0.00292EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/20 7:59 p.m.•0 views

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

5.8AI score0.00292EPSS

Exploits1References1

Debian CVE•added 2026/03/20 7:59 p.m.•4 views

CVE-2026-4437

7.5CVSS5.2AI score0.00292EPSS

Exploits1

RedHat Linux•added 2026/02/17 10:36 a.m.•1 views

glibc: glibc: Information disclosure via zero-valued network query

A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddrr functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS Domain Name System backend for network lookups, a query for a zero-valued network can le...

7.5CVSS5.8AI score0.00564EPSS

Exploits0References5

SUSE CVE•added 2026/01/17 12:25 a.m.•3 views

SUSE CVE-2026-0915

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

5.3CVSS6.9AI score0.00564EPSS

Exploits0References14

RedhatCVE•added 2026/01/16 8:38 a.m.•4 views

CVE-2026-0915

7.5CVSS5.8AI score0.00564EPSS

Exploits0References4

EUVD•added 2026/01/16 12:30 a.m.•4 views

EUVD-2026-2855

6.3AI score0.00564EPSS

Exploits0References3

OSV•added 2026/01/15 10:16 p.m.•11 views

DEBIAN-CVE-2026-0915

7.5CVSS7.7AI score0.00564EPSS

Exploits0References1

OSV•added 2026/01/15 10:16 p.m.•2 views

AZL-74633 CVE-2026-0915 affecting package glibc for versions less than 2.38-18

7.5CVSS5.8AI score0.00564EPSS

Exploits0References1

Cvelist•added 2026/01/15 10:8 p.m.•19 views

CVE-2026-0915 getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler

0.00564EPSS

Exploits0References1

CNNVD•added 2026/01/15 12:0 a.m.•3 views

GNU C Library security vulnerabilities

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions 2.0 through 2.42 of the GNU C Library contained security vulnerabilities. These vulnerabilities occurred when using the nsswitch.conf configuration with a DNS...

7.5CVSS7.2AI score0.00564EPSS

Exploits0References2

Tenable Nessus•added 2026/01/14 12:0 a.m.•4 views

MiracleLinux 3 : sudo-1.7.2p1-14.AXS3.3 (AXSA:2012-777:03)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-777:03 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

5.6CVSS5.7AI score0.00435EPSS

Exploits1References2

Positive Technologies•added 2026/01/01 12:0 a.m.•4 views

PT-2026-26671

Name of the Vulnerable Software and Affected Versions GNU C library versions 2.34 through 2.43 Description The GNU C library’s gethostbyaddr and gethostbyaddr r functions, when used with a configured nsswitch.conf file specifying the library’s DNS backend, may return invalid DNS hostnames. This...

5.4CVSS5.8AI score0.00189EPSS

Exploits1References46

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by