Lucene search
K

9 matches found

SUSE CVE
SUSE CVE
added 2026/03/31 11:28 p.m.4 views

SUSE CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.9AI score0.00148EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/31 12:31 p.m.8 views

EUVD-2026-17403

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.9AI score0.00148EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 12:16 p.m.4 views

UBUNTU-CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.8AI score0.00148EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 11:59 a.m.25 views

CVE-2026-24029 DNS over HTTPS ACL bypass

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS0.00148EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/31 11:59 a.m.2 views

CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.8AI score0.00148EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/31 11:59 a.m.4 views

CVE-2026-24029

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.2AI score0.00148EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/31 11:59 a.m.2 views

CVE-2026-24029 DNS over HTTPS ACL bypass

When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...

6.5CVSS5.9AI score0.00148EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 11:59 a.m.13 views

CVE-2026-24029

CVE-2026-24029 affects a DNS-over-HTTPS frontend using the nghttp2 provider. When the early_acl_drop (earlyACLDrop in Lua) option is disabled, the ACL check is skipped, permitting all clients to issue DoH queries regardless of the configured ACL. The default setting enables early_acl_drop, so the...

6.5CVSS5.9AI score0.00148EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-29244

Name of the Vulnerable Software and Affected Versions versions prior to the fix for CVE-2026-24029 Description When the early acl drop or earlyACLDrop in Lua option is disabled, and a DNS over HTTPs frontend is utilizing the nghttp2 provider, the Access Control List ACL check is bypassed. This...

6.5CVSS5AI score0.00148EPSS
Exploits0References48
Rows per page
Query Builder