Lucene search
K

41 matches found

CVE
CVE
added 4 days ago13 views

CVE-2026-8925

CVE-2026-8925 affects curl with SASL authentication. The issue is a double-free: the GSASL context can be cleaned up twice without clearing the pointer, potentially freeing the same pointer twice. This vulnerability is present in curl versions prior to 8.21.0 (e.g., 8.15.0), and remote exploitati...

9.8CVSS5.9AI score0.00248EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-56968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted...

5.3CVSS6AI score0.00241EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

9.8CVSS5.8AI score0.00248EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

5.3CVSS0.00241EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/23 4:18 p.m.33 views

CVE-2026-56968

GNU SASL before 2.2.4 lacks sanitization of a short challenge in gsaslntlmclientstep in the NTLM client, which could result in memory disclosure via a crafted server...

3.7CVSS0.00241EPSS
Exploits1References4
CVE
CVE
added 2026/06/23 4:18 p.m.21 views

CVE-2026-56968

CVE-2026-56968 affects GNU SASL versions prior to 2.2.4. The NTLM client’s short challenge in the function _gsasl_ntlm_client_step has inadequate sanitization, which can lead to memory disclosure when interacting with a crafted server. Public sources (SUSE, Debian OSV, Ubuntu/Ubuntu-related advis...

5.3CVSS5.8AI score0.00241EPSS
Exploits1References4Affected Software1
Debian
Debian
added 2026/06/16 7:8 p.m.9 views

[SECURITY] [DSA 6348-1] gsasl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 16, 2026 https://www.debian.org/security/faq -...

5.3AI score
Exploits0
Debian
Debian
added 2026/06/05 1:56 p.m.9 views

[SECURITY] [DLA 4618-1] gsasl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4618-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz June 05, 2026 https://wiki.debian.org/LTS -...

7.5CVSS5.3AI score0.00455EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : GNU SASL vulnerability (USN-8356-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8356-1 advisory. It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/01 2:22 p.m.14 views

USN-8356-1: GNU SASL vulnerability

It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service...

7.5CVSS5.8AI score0.00455EPSS
Exploits0
OSV
OSV
added 2026/06/01 2:22 p.m.11 views

USN-8356-1 gsasl vulnerability

It was discovered that GNU SASL did not properly handle certain DIGEST-MD5 tokens. An attacker could possibly use this issue to cause GNU SASL to crash, resulting in a denial of service...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.13 views

SUSE CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.10 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-48829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This...

7.5CVSS5.5AI score0.00455EPSS
Exploits0References2
OSV
OSV
added 2026/05/24 4:16 a.m.5 views

UBUNTU-CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/24 4:16 a.m.17 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/24 2:22 a.m.14 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/24 2:22 a.m.13 views

EUVD-2026-31562

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/24 2:22 a.m.22 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS0.00455EPSS
Exploits0References4
CVE
CVE
added 2026/05/24 2:22 a.m.64 views

CVE-2026-48829

Technical details (affected product/versions, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
Rows per page
Query Builder