Lucene search
K

23 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 3:17 p.m.7 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS0.00231EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 2:8 p.m.8 views

EUVD-2026-41004

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 4:6 p.m.11 views

MAL-2026-5399 Malicious code in kraken-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 168f5bafda658807ea431a8cb06a1e3006d639d17b7f0c97d3d63e34f49129d5 On require/load, index.js imports os, dns, https, querystring, and the local package.json, then collects os.hostname, os.userInfo.username, os.homedi...

5.4AI score
Exploits0References1
EUVD
EUVD
added 2026/05/04 6:5 p.m.13 views

EUVD-2026-27043

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

8.1CVSS6.5AI score0.00375EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

Tenda W3002R 安全漏洞

The Tenda W3002R is a wireless router produced by the Chinese company Tenda. The Tenda W3002R has a security vulnerability, which stems from a Cookie session weakness. This vulnerability allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. They ca...

9.8CVSS5.8AI score0.00651EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/01/30 12:0 a.m.44 views

EulerOS Virtualization 3.0.2.2 : c-ares (EulerOS-SA-2023-1246)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/05/12 12:0 a.m.25 views

AlmaLinux 8 : c-ares (ALSA-2022:2043)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2043 advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostname...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/03/28 11:15 p.m.3 views

CVE-2022-26639

TP-LINK TL-WR840NESV6.20 was discovered to contain a buffer overflow via the DNSServers parameter...

7.2CVSS7.3AI score0.01234EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/02/12 12:0 a.m.27 views

EulerOS Virtualization 3.0.6.0 : c-ares (EulerOS-SA-2022-1057)

According to the versions of the c-ares packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/11/17 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2737)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.2AI score0.02617EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.35 views

EulerOS Virtualization 2.9.1 : c-ares (EulerOS-SA-2021-2737)

According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/11/12 12:0 a.m.18 views

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2704)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.2AI score0.02617EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/11/02 12:0 a.m.22 views

EulerOS 2.0 SP8 : c-ares (EulerOS-SA-2021-2623)

According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output ...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/10/25 12:0 a.m.27 views

EulerOS 2.0 SP3 : c-ares (EulerOS-SA-2021-2574)

According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output ...

6.8CVSS6.8AI score0.02617EPSS
Exploits1References2
OSV
OSV
added 2021/08/16 7:15 p.m.35 views

CVE-2021-22931

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...

9.8CVSS7.5AI score0.21952EPSS
Exploits1References9
Prion
Prion
added 2021/08/16 7:15 p.m.29 views

Input validation

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...

7.5CVSS9.7AI score0.21952EPSS
Exploits1References9Affected Software5
Cvelist
Cvelist
added 2021/08/16 12:0 a.m.33 views

CVE-2021-22931

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...

10AI score0.21952EPSS
Exploits1References9
Rows per page
Query Builder