
321 matches found

Redos
added 2025/08/07 12:0 a.m. · 5 views

ROS-20250807-02

The vulnerability of the Podman OCI container management and launching software tool is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute a man-in-the-middle attack...

CVSS 8.3 · AI score 6.4 · EPSS 0.00397
Exploits: 0

Positive Technologies
added 2025/08/07 12:0 a.m. · 5 views

PT-2025-32278 · Imanami +1 · Groupid +1

Name of the Vulnerable Software and Affected Versions: Netwrix Directory Manager (formerly Imanami GroupID) versions 11.0.0.0 through 11.1.25162.02. Description: The software contains a cross-site scripting (XSS) issue related to authentication error data. Recommendations: Update Netwrix Directory...

CVSS 6.1 · AI score 5.6 · EPSS 0.00324
Exploits: 0 · References: 6

NVD
added 2025/08/03 2:15 a.m. · 6 views

CVE-2025-54350

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

CVSS 5.3 · EPSS 0.00385
Exploits: 0 · References: 3

OSV
added 2025/08/03 2:15 a.m. · 3 views

DEBIAN-CVE-2025-54350

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

CVSS 5.3 · AI score 5.6 · EPSS 0.00385
Exploits: 0 · References: 1

OSV
added 2025/08/03 2:15 a.m. · 7 views

AZL-66057 CVE-2025-54350 affecting package iperf3 for versions less than 3.17.1-3

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

CVSS 5.3 · AI score 5.8 · EPSS 0.00385
Exploits: 0 · References: 1

CVE
added 2025/08/03 12:0 a.m. · 49 views

CVE-2025-54350

CVE-2025-54350 affects iperf/iperf3 prior to version 3.19.1. The issue is an assertion failure in iperf_auth.c during a malformed authentication attempt, caused by a Base64Decode error, which can cause the application to exit. Several connected advisories confirm the impact and the fix version: p...

CVSS 5.3 · AI score 6.7 · EPSS 0.00385
Exploits: 0 · References: 3 · Affected Software: 1

RedHat Linux
added 2025/07/21 4:16 a.m. · 11 views

kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

A flaw was found in the Linux kernel, where a specially crafted RPC packet could cause data corruption or trigger a system panic. This flaw allows a remote attacker who can make RPC calls to send an intentionally malformed packet, potentially compromising system integrity or causing a denial of...

CVSS 5.5 · AI score 7.2 · EPSS 0.00271
Exploits: 2 · References: 5

Amazon
added 2025/07/10 12:0 a.m. · 11 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range access of vnic_info array (CVE-2025-22112). In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails (CVE-2025-22119) ...

CVSS 7.8 · AI score 6.5 · EPSS 0.01345
Exploits: 13

CNVD
added 2025/07/04 12:0 a.m. · 4 views

TOTOLINK T6 Authentication Error Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's Gion Electronics TOTOLINK. An authentication error vulnerability exists in TOTOLINK T6 version 4.1.5cu.748B20211015, which stems from a lack of authentication in the parameter authCode/goURL in the file /formLoginAuth.htm. An attacker could...

CVSS 8.8 · AI score 7.1 · EPSS 0.00747
Exploits: 1 · References: 1

SUSE CVE
added 2025/06/30 11:30 p.m. · 1 views

SUSE CVE-2025-38089

In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error. Tianshuo Han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...

CVSS 7.5 · AI score 6.6 · EPSS 0.00271
Exploits: 2 · References: 68

NVD
added 2025/06/30 8:15 a.m. · 7 views

CVE-2025-38089

In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error. Tianshuo Han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...

CVSS 5.5 · EPSS 0.00271
Exploits: 2 · References: 7

OSV
added 2025/06/30 8:15 a.m. · 6 views

AZL-64398 CVE-2025-38089 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error. Tianshuo Han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...

CVSS 5.5 · AI score 6.4 · EPSS 0.00271
Exploits: 2 · References: 1

OSV
added 2025/06/30 8:15 a.m. · 1 views

DEBIAN-CVE-2025-38089

In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error. Tianshuo Han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...

CVSS 5.5 · AI score 5.5 · EPSS 0.00271
Exploits: 2 · References: 1

Cvelist
added 2025/06/30 7:29 a.m. · 7 views

CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error. Tianshuo Han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...

EPSS 0.00271
Exploits: 2 · References: 6

OSV
added 2025/06/30 7:29 a.m. · 4 views

CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error. Tianshuo Han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a w...

CVSS 5.5 · AI score 6.5 · EPSS 0.00271
Exploits: 2 · References: 10

CVE
added 2025/06/30 7:29 a.m. · 120 views

CVE-2025-38089

The CVE-2025-38089 issue affects the Linux kernel sunrpc auth path. A remotely triggerable crash can occur when a specially crafted RPC reply yields SVC_GARBAGE without setting rq_accept_statp, risking NULL dereference or memory scribble. The bug arises because a SVC_GARBAGE return was treated as...

CVSS 5.5 · AI score 6.4 · EPSS 0.00271
Exploits: 2 · References: 7 · Affected Software: 1

Positive Technologies
added 2025/06/19 12:0 a.m. · 3 views

PT-2025-27419

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A remotely-triggerable crash can occur in the Linux kernel if a client sends a specially crafted packet to the kernel RPC server. This happens when decoding the RPC reply fails and...

CVSS 7.5 · AI score 6.7 · EPSS 0.00271
Exploits: 2

AstraLinux
added 2025/06/16 11:28 a.m. · 1 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: sunrpc: Handle SVC_GARBAGE during svcauth processing as an auth error. Tianshuo Han reported a remotely-triggered crash if the client sends a specially crafted packet to the kernel RPC server. If the decoding of the RPC reply fail...

CVSS 5.5 · AI score 6.2 · EPSS 0.00271
Exploits: 2 · References: 3

BDU FSTEC
added 2025/06/16 12:0 a.m. · 5 views

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server, related to an authentication error, allows unauthorized access to user domain accounts.

The vulnerability of the “Termide Virtual Desktops Connection Manager” software server is related to an authentication error based on the Kerberos protocol. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to user account credentials...

CVSS 6.8 · AI score 5.5
Exploits: 0 · References: 2 · Affected Software: 1

RedhatCVE
added 2025/05/23 9:35 a.m. · 12 views

CVE-2024-22647

A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames...

CVSS 5.3 · AI score 6.7 · EPSS 0.00557
Exploits: 1 · References: 1