CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29 matches found

RedHat Linux•added 2026/05/19 2:41 p.m.•6 views

glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

A flaw was found in glibc the GNU C Library. When an application uses the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS Domain Name System response. This crafted response can caus...

7.5CVSS5.8AI score0.00089EPSS

Exploits1References5

Tenable Nessus•added 2026/03/26 12:0 a.m.•0 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006299)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006299 advisory. Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in...

7.5CVSS6AI score0.00023EPSS

Exploits0References4

RedhatCVE•added 2026/03/23 7:3 a.m.•1 views

CVE-2026-4438

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.6AI score0.00066EPSS

Exploits1References4

RedhatCVE•added 2026/03/23 7:3 a.m.•2 views

CVE-2026-4437

7.5CVSS5.6AI score0.00089EPSS

Exploits1References4

UbuntuCve•added 2026/03/20 8:16 p.m.•0 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.4CVSS5.9AI score0.00066EPSS

Exploits1References3

CVE•added 2026/03/20 7:59 p.m.•11 views

CVE-2026-4438

CVE-2026-4438 concerns gethostbyaddr/gethostbyaddr_r built against an NSS DNS backend as configured in glibc (versions 2.34–2.43). The issue can cause an invalid DNS hostname to be returned to the caller, violating DNS specifications. Details originate from NVD/CVE records and the Sourceware bug ...

5.4CVSS5.8AI score0.00066EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/03/20 7:59 p.m.•8 views

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

5.8AI score0.00089EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/03/20 7:59 p.m.•0 views

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

5.8AI score0.00089EPSS

Exploits1References1

Tenable Nessus•added 2026/03/20 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-4438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2....

5.4CVSS5.8AI score0.00066EPSS

Exploits1References3

SUSE Linux•added 2026/03/13 3:25 p.m.•3 views

Security update for glibc

This update for glibc fixes the following issues: CVE-2026-0861: memalign: reinstate alignment overflow check bsc1256766 CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr bsc1256822 CVE-2025-15281: posix: Reset wordexpt fields with WRDEREUSE bsc1257005 CVE-2025-8058: posix: Fix...

8.5CVSS6.8AI score0.0009EPSS

Exploits1References16

OSV•added 2026/03/13 3:25 p.m.•1 views

SUSE-SU-2026:0896-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2026-0861: memalign: reinstate alignment overflow check bsc1256766 - CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr bsc1256822 - CVE-2025-15281: posix: Reset wordexpt fields with WRDEREUSE bsc1257005 - CVE-2025-8058: posix: Fix...

8.4CVSS5.8AI score0.0009EPSS

Exploits1References9

RedHat Linux•added 2026/02/17 10:36 a.m.•1 views

glibc: glibc: Information disclosure via zero-valued network query

A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddrr functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS Domain Name System backend for network lookups, a query for a zero-valued network can le...

7.5CVSS5.8AI score0.00023EPSS

Exploits0References5

Tenable Nessus•added 2026/02/04 12:0 a.m.•2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : GNU C Library vulnerabilities (USN-8005-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8005-1 advisory. Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when...

8.4CVSS7.2AI score0.0009EPSS

Exploits1References5

SUSE CVE•added 2026/01/17 12:25 a.m.•2 views

SUSE CVE-2026-0915

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver...

5.3CVSS6.9AI score0.00023EPSS

Exploits0References14

RedhatCVE•added 2026/01/16 8:38 a.m.•3 views

CVE-2026-0915

7.5CVSS5.8AI score0.00023EPSS

Exploits0References4

OSV•added 2026/01/15 10:16 p.m.•3 views

AZL-74817 CVE-2026-0915 affecting package glibc for versions less than 2.35-9

7.5CVSS7.1AI score0.00023EPSS

Exploits0References1

OSV•added 2026/01/15 10:16 p.m.•1 views

CVE-2026-0915