Lucene search
K

406 matches found

OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2833 python-zeroconf security update

Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...

6AI score
Exploits0References2
NVD
NVD
added 2026/07/05 11:16 p.m.11 views

CVE-2026-10657

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

5.3CVSS0.00243EPSS
Exploits1References2
CVE
CVE
added 2026/07/05 10:23 p.m.23 views

CVE-2026-10657

The CVE-2026-10657 vulnerability affects Zephyr's DNS resolver when MDNS (CONFIG_MDNS_RESOLVER) is enabled. The code uses memcmp(strrchr(query, '.'), ".local", 7) to detect mDNS queries, reading a fixed 7 bytes from the suffix pointer. If the final label is shorter than 7 bytes (e.g., .org, .com,...

5.3CVSS6.2AI score0.00243EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/22 2:38 p.m.3 views

SUSE-SU-2026:22338-1 Security update for avahi

This update for avahi fixes the following issues: - CVE-2026-34933: reachable assertion in transportflagsfromdomain can crash the avahi-daemon bsc1261546. - CVE-2026-24401: unsolicited mDNS responses containing a recursive CNAME record can crash the avahi-daemon bsc1257235...

6.5CVSS6.6AI score0.00252EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.15 views

EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2197)

According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...

6.5CVSS5.5AI score0.00252EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.29 views

EulerOS Virtualization 2.12.0 : avahi (EulerOS-SA-2026-2095)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and...

6.5CVSS5.6AI score0.00353EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-5245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...

8.1CVSS5.8AI score0.00716EPSS
Exploits0References3
OSV
OSV
added 2026/04/30 7:30 p.m.7 views

JLSEC-2026-370 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.2AI score0.00716EPSS
Exploits0References9
OSV
OSV
added 2026/04/17 2:18 p.m.6 views

SUSE-SU-2026:1441-1 Security update for avahi

This update for avahi fixes the following issue: - CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235...

6.5CVSS5.7AI score0.00252EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/04/06 10:54 a.m.4 views

Security update for avahi

This update for avahi fixes the following issue: CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record bsc1257235. Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/02 12:31 p.m.9 views

EUVD-2026-18183

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.8AI score0.00716EPSS
Exploits0References7
NVD
NVD
added 2026/04/02 10:16 a.m.30 views

CVE-2026-5245

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

8.1CVSS0.00716EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/02 9:0 a.m.3 views

CVE-2026-5245 Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS6.1AI score0.00716EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/04/02 9:0 a.m.6 views

CVE-2026-5245

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

8.1CVSS5.6AI score0.00716EPSS
Exploits0
OSV
OSV
added 2026/04/02 9:0 a.m.5 views

CVE-2026-5245 Cesanta Mongoose mDNS Record mongoose.c handle_mdns_record stack-based overflow

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS6AI score0.00716EPSS
Exploits0References8
CVE
CVE
added 2026/04/02 9:0 a.m.27 views

CVE-2026-5245

Cesanta Mongoose up to 7.20 contains a stack-based buffer overflow in the function handle_mdns_record (mongoose.c, mDNS Record Handler) caused by manipulation of the buf argument. Remote exploitation is possible; the exploit is described as difficult with a high attack complexity. A fixed version...

8.1CVSS6.1AI score0.00716EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 9:0 a.m.10 views

CVE-2026-5245

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.8AI score0.00716EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.9 views

Cesanta Mongoose 安全漏洞

Cesanta Mongoose is a set of embedded server libraries developed by the Irish company Cesanta. It includes functions for TCP and HTTP clients and servers, as well as WenSocket clients and servers. Versions of Cesanta Mongoose 7.20 and earlier contained security vulnerabilities. These...

8.1CVSS6.4AI score0.00716EPSS
Exploits0References6
Rosalinux
Rosalinux
added 2026/03/22 9:17 p.m.8 views

Advisory ROSA-SA-2026-3245

software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.5 affected versions avahi-0.8-12.git35bb1b.5 CVE-ID: CVE-2026-24401 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Avahi avahi-daemon ≤ 0.9rc2 allows a remote attacker to cause a process crash DoS:...

6.5CVSS5.7AI score0.00252EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/19 11:25 p.m.6 views

CVE-2026-30871

A flaw was found in the OpenWrt mdns daemon. A remote attacker can exploit a Stack-based Buffer Overflow vulnerability in the parsequestion function by sending specially crafted DNS Domain Name System packets. These packets, specifically PTR Pointer Record queries for reverse DNS domains, can cau...

9.8CVSS6.7AI score0.01211EPSS
Exploits0References6
Rows per page
Query Builder