Lucene search
+L

28 matches found

redhatcve
redhatcve
added 2026/06/29 1:50 p.m.8 views

CVE-2026-12246

A flaw was found in NSD. A remote attacker, operating as a configured primary DNS server in a multi-tenant secondary DNS deployment, could exploit a bug involving specially crafted Address Prefix List APL resource records. By providing an APL record with an adflength larger than permitted, the...

8.1CVSS6.5AI score0.00265EPSS
Exploits0References3
osv
osv
added 2026/06/25 12:0 a.m.4 views

UBUNTU-CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS5.8AI score0.00265EPSS
Exploits0References3
euvd
euvd
added 2026/05/10 3:33 a.m.15 views

EUVD-2026-28960

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

6.9CVSS5.5AI score0.00502EPSS
Exploits1References6
cve
cve
added 2026/05/10 3:0 a.m.29 views

CVE-2026-8224

Open5GS PCF component (up to 2.7.7) is affected by CVE-2026-8224 via the function pcf_sess_set_ipv6prefix in src/pcf/context.c. An attacker can manipulate SmPolicyContextData.ipv6AddressPrefix to trigger a denial of service. The issue is exploitable remotely, and public exploit information has be...

7.5CVSS5.7AI score0.00502EPSS
Exploits1References5Affected Software1
vulnrichment
vulnrichment
added 2026/05/10 3:0 a.m.7 views

CVE-2026-8224 Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

6.9CVSS5.7AI score0.00502EPSS
Exploits1References5
cvelist
cvelist
added 2026/05/10 3:0 a.m.47 views

CVE-2026-8224 Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service

A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcfsesssetipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to...

6.9CVSS0.00502EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/05/10 12:0 a.m.12 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the function pcfsesssetipv6prefix in the PCF component’s file...

7.5CVSS6.1AI score0.00502EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/09 12:0 a.m.10 views

PT-2026-31592

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A security issue exists in Totolink A7100RU 7.4cu.2313 b20191024. The setIpv6LanCfg function within the /cgi-bin/cstecgi.cgi file of the CGI Handler component is susceptible to os comma...

10CVSS7AI score0.14277EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/04/03 12:36 p.m.3 views

CVE-2026-34785

A flaw was found in Rack. The Rack::Static component, which serves static files for web applications, uses a simple string prefix check to determine if a request should be served as a static file. This can lead to unintended information disclosure, as files with names that merely share a configur...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References4
cvelist
cvelist
added 2026/03/31 4:56 p.m.25 views

CVE-2026-34359 HAPI FHIR: Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect in HAPI FHIR Core

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured...

7.4CVSS0.00158EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/03/30 12:0 a.m.4 views

PT-2026-29162

Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.4 Description The software uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Configured server URLs lack a trailing slash or host boundary check,...

9.1CVSS5.5AI score0.00158EPSS
Exploits1References8
nessus
nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : bind-9.8.2-0.37.5.0.2.rc1.AXS4 (AXSA:2016-051:01)

"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-051:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names ...

6.8CVSS6.8AI score0.5469EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 9:0 a.m.10 views

CVE-2023-50926

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be caused by an incoming DIO message when using the RPL-Lite implementation in the Contiki-NG operating system. More specifically, the prefix information of the DIO message...

7.5CVSS6.5AI score0.0053EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:18 p.m.12 views

CVE-2021-32771

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have...

8.1CVSS7.3AI score0.01046EPSS
Exploits0
astralinux
astralinux
added 2025/02/11 7:35 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: xfrm: Validates the prefix length of new SA entries using the SA family, when sel.family is unset. This extends the validation introduced in commit 07bf7908950a “xfrm: Validates address prefix lengths in the xfrm selector”. The...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/11/07 9:31 a.m.7 views

CVE-2024-50142 xfrm: validate new SA's prefixlen using SA family when sel.family is unset

In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a "xfrm: Validate address prefix lengths in the xfrm selector." syzbot created an SA with...

7.5AI score0.00259EPSS
Exploits0References8
susecve
susecve
added 2023/02/15 6:16 a.m.4 views

SUSE CVE-2005-3651

Stack-based buffer overflow in the dissectospfv3addressprefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets...

7.5CVSS8.4AI score0.06199EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 5:11 a.m.5 views

SUSE CVE-2015-8704

apl42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service INSIST assertion failure and daemon exit via a malformed Address Prefix List APL record...

6.5CVSS6.7AI score0.20172EPSS
Exploits0References12
cvelist
cvelist
added 2022/08/04 8:25 p.m.32 views

CVE-2021-32771 Buffer overflow in contiki-ng

Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have...

8.1CVSS8.4AI score0.01046EPSS
Exploits0References4
oraclelinux
oraclelinux
added 2019/11/14 12:0 a.m.37 views

dhcp security and bug fix update

12:4.3.6-34 - Resolves: 1704672 - Fix crash caused by bind rebase 12:4.3.6-33 - Resolves: 1673946 - Change default prefix length to 128 - Add address-prefix-lenght option to change default value - Fix backporting issues 12:4.3.6-31 - Resolves: 1685560 - Drop executable flag from NM dispatcher...

7.5CVSS0.7AI score0.08813EPSS
Exploits1
Rows per page
Query Builder