Lucene search
K

13164 matches found

OSV
OSV
added 2026/06/30 10:16 a.m.4 views

DEBIAN-CVE-2026-12610

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...

6.4CVSS5.7AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:27 a.m.7 views

EUVD-2026-40268

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...

6.4CVSS5.8AI score0.00155EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:27 a.m.12 views

CVE-2026-12610

The CVE-2026-12610 issue affects the SSSD project, specifically the PAM responder path used during YubiKey authentication. A use-after-free in the PAM responder can cause the sssd process to crash when handling memory pointers manipulated via smartcards or YubiKey contents, leading to a denial of...

6.4CVSS5.8AI score0.00155EPSS
Exploits0References3Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/30 8:26 a.m.8 views

CVE-2026-12610

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of servi...

6.4CVSS5.8AI score0.00155EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

FreeBSD : rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation (0f3342e3-73ba-11f1-910d-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0f3342e3-73ba-11f1-910d-3c7c3fba4204 advisory. https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.6 views

CVE-2026-12244

A flaw was found in nsd. When nsd is configured as a secondary server for a zone, a remote attacker, acting as the primary server for that zone, can send a specially crafted DNS message within an AXFR Asynchronous Full Zone Transfer request. This message, containing a malformed SVCB Service Bindi...

8.8CVSS6.2AI score0.00303EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.7 views

CVE-2026-12245

A flaw was found in NSD. When NSD is configured with DNS over TLS DoT, a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 1:50 p.m.7 views

CVE-2026-12246

A flaw was found in NSD. A remote attacker, operating as a configured primary DNS server in a multi-tenant secondary DNS deployment, could exploit a bug involving specially crafted Address Prefix List APL resource records. By providing an APL record with an adflength larger than permitted, the...

8.1CVSS6.5AI score0.00265EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-313 Cobbler has Exposed Dangerous Method or Function

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon...

9.8CVSS7.4AI score0.6786EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on...

8.8CVSS5.8AI score0.00466EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-12246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack wh...

8.1CVSS5.8AI score0.00265EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:18 a.m.11 views

ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE

...

9.8CVSS5.8AI score0.00165EPSS
Exploits0
CVE
CVE
added 2026/06/26 4:23 p.m.11 views

CVE-2026-28385

CVE-2026-28385 : Canonical LXD 4.12–6.9 contains an SSRF in image import from URL sources. Authenticated users with the can_create_images entitlement can leverage the /images endpoint to trigger outbound requests from the LXD daemon, failing to validate or restrict destinations. This allows conta...

5CVSS5.8AI score0.00172EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/26 4:16 p.m.2 views

DEBIAN-CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS5.8AI score0.00342EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/26 3:39 p.m.5 views

CVE-2026-9639

Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with cancreatestoragevolumes permissions to cause a denial of service via a specially crafted custom-volume backup tarball that omits the expiresat snapshot field...

6.5CVSS5.7AI score0.00389EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.6 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:22187-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22187-1 advisory. This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP: Daemon versions before 6.17 for Perl allow OS command...

9.1CVSS6AI score0.01231EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

Disc Soft DAEMON Tools Lite 12.5.0.2421 - 12.5.0.2434 Embedded Malicious Code (CVE-2026-8398)

The version of Disc Soft DAEMON Tools Lite installed on the remote Windows host is between 12.5.0.2421 and 12.5.0.2434 inclusive. It is, therefore, affected by an embedded malicious code vulnerability. - A supply chain attack compromised the official installation packages of DAEMON Tools Lite,...

9.8CVSS6.2AI score0.01456EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:2503-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2503-1 advisory. This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.37 fixes various security issues The following security issues were fixed: -...

9.8CVSS6.8AI score0.0049EPSS
Exploits8References17
OSV
OSV
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-626 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.3CVSS6AI score0.00152EPSS
Exploits0References7
Rows per page
Query Builder