Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33540

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull- through cache mode, distribution discovers token auth...

7.5CVSS7.1AI score0.00274EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/06 2:55 p.m.3 views

CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.9AI score0.00274EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/04/06 2:55 p.m.6 views

CVE-2026-33540

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...

7.5CVSS5.3AI score0.00274EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.13 views

PT-2026-30630

Distribution versions prior to 3.1.0 are affected by an issue where the software incorrectly handles token authentication endpoints. Specifically, when operating in pull-through cache mode, the software parses WWW-Authenticate challenges from the upstream registry without validating the realm URL...

9.8CVSS8.2AI score0.00276EPSS
Exploits1References79
Rows per page
Query Builder