Lucene search
K

632 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-14612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out- of-bounds memory access when processing an oversized...

4.2CVSS6AI score0.00142EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 10:45 p.m.8 views

MAL-2026-6749 Malicious code in ipa-user-collector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5719ec23d0195e518782dbc26a8a05b54fd827d1ec18d41619d163f7175eaa28 The package ships an empty runtime module src/ipausercollector/init.py contains only version but overrides setup.py cmdclass for install, develop, an...

6.5AI score
Exploits0References3
OSV
OSV
added 2026/07/03 4:16 p.m.4 views

UBUNTU-CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS5.9AI score0.00142EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 3:11 p.m.7 views

EUVD-2026-41554

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/03 3:11 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS6AI score0.00142EPSS
Exploits0
CVE
CVE
added 2026/07/03 3:11 p.m.24 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

4.2CVSS6AI score0.00142EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:11 p.m.8 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS5.9AI score0.00142EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in freeipa

A flaw was identified in the FreeIPA API audit; it sends the entire FreeIPA command line to journalctl. As a result, during the FreeIPA installation process, administrative user credentials—including the administrator’s password—are inadvertently leaked into the journal database. In the worst-cas...

5.5CVSS5.6AI score0.00226EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in freeipa

There is a cross-site request forgery vulnerability in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions on behalf of the user, resulting in a loss of confidentiality and system integrity...

6.5CVSS6.5AI score0.0057EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net: ipa: Hash tables are only reset when supported. Last year, the code that manages GSI channel transactions switched from using spinlock-protected linked lists to using indexes in the ring buffer used for a channel. Recently,...

5.9AI score0.00166EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in sudo

A flaw was discovered in sudo’s handling of ipahostname. In this process, the ipahostname value from /etc/sssd/sssd.conf was not propagated to sudo. As a result, this leads to a privilege management vulnerability in applications, where client hosts retain privileges even after those privileges ha...

8.8CVSS7.2AI score0.00687EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/08 7:37 p.m.16 views

CVE-2026-43345

A flaw was found in the Linux kernel's ipa driver. This vulnerability, affecting IPA version 5.0 and later, stems from an incorrect event ring index programming, preventing GSI channels from signaling transfer completions. As a result, the system can experience hangs during operations such as...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 2:16 p.m.12 views

UBUNTU-CVE-2026-43345

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CHCCNTXT0 to CHCCNTXT1. The v5.0 register definition intended to define this field in the CHCCNTXT1 fmask array but...

7.5CVSS5.7AI score0.00353EPSS
Exploits0References8
OSV
OSV
added 2026/05/08 1:39 p.m.3 views

CVE-2026-43345 net: ipa: fix event ring index not programmed for IPA v5.0+

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CHCCNTXT0 to CHCCNTXT1. The v5.0 register definition intended to define this field in the CHCCNTXT1 fmask array but...

7.5CVSS6.5AI score0.00353EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/06 3:10 p.m.11 views

CVE-2026-43081

A flaw was found in the Linux kernel's Integrated Packet Accelerator IPA driver. Incorrectly configured register field masks for IPA version 5.0 and newer could lead to system instability. This issue may manifest as a warning when attempting to send commands to the MPSS remoteproc, potentially...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27572

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...

5.8AI score0.00122EPSS
Exploits0References6
NVD
NVD
added 2026/05/06 10:16 a.m.16 views

CVE-2026-43081

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...

5.5CVSS0.00122EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.5 views

CVE-2026-43081

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...

5.8AI score0.00122EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.40 views

CVE-2026-43081 net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+

In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERICCMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downstream GSI GSIV30EEnGSIEEGENERICCMD. Notably this fixes a WARN I was seeing when I tried to send "stop...

0.00122EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mismatch between the mask of the GENERICCMD register field in IPA v5.0+ and the hardware layout. Th...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
Rows per page
Query Builder