Lucene search
K

61 matches found

RedHat Linux
RedHat Linux
added 2 days ago3 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
OSV
OSV
added 3 days ago7 views

RLSA-2026:34357 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...

8.2CVSS7.3AI score0.00939EPSS
Exploits0References7
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-25019

id: pretty-print uses effective GID instead of effective UID for name lookup...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/14 11:45 p.m.37 views

CVE-2026-12197 Ruijie EG105G-P JSON-RPC Diagnose Endpoint diagnose nslookup command injection

A security flaw has been discovered in Ruijie EG105G-P 2.340. The impacted element is the function nslookup of the file /cgi-bin/luci/api/diagnose of the component JSON-RPC Diagnose Endpoint. Performing a manipulation of the argument params.target results in command injection. It is possible to...

8.6CVSS0.02385EPSS
Exploits0References5
Mageia
Mageia
added 2026/06/12 11:28 p.m.22 views

Updated proftpd packages fix security vulnerabilities

CVE-2026-42167 modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM. CVE-2026-44331 a SQL injection vulnerabili...

8.1CVSS6.4AI score0.04282EPSS
Exploits7References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.14 views

Malicious code in checkout-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6add4dfcaaf79ce107ac8026032b47540def183a121be2266891644c90f10c8 Package replicates the API surface of an internal Exodus package generateMnemonicSigningKeys, signDirectPaymentMultiChain, signCapture, signRefund,...

5.3AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:44 p.m.14 views

Malicious code in exodus-wallet-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 53bf93b626689e980ef2e9c4ba33fd95e81d6a04c665f85908c8cf07b8b36e14 Package name impersonates the Exodus cryptocurrency wallet brand. package.json declares "postinstall": "node src/canary.js", and src/canary.js perfor...

6.1AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2026/06/08 12:0 a.m.2 views

The vulnerability of the LookupCNAME() function in the Go programming language allows a perpetrator to trigger a service failure.

The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8CVSS5.8AI score0.00813EPSS
Exploits0References6Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.12 views

CVE-2026-1089

User‑Controlled HTTP Header in Fortra's GoAnywhere MFT prior to version 7.10.0 allows attackers to trigger a DNS lookup, as well as DNS Rebinding and Information Disclosure...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Issue: unittest – Fix null pointer dereferencing in ofunittestfindnodebyname. Description: When kmalloc fails to allocate memory in kasprintf, variables like name or fullname will be NULL. In this case, strcmp will cause a null...

5.8AI score0.00195EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim before version 4.95 has a heap-based buffer overflow for the alias list in hostnamelookup in host.c when senderhostname is set...

9.8CVSS8.6AI score0.0292EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.12 views

CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 12:0 a.m.6 views

UBUNTU-CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/05/19 11:42 p.m.104 views

eip-mcp

Exploit Intel Platform MCP Server Package/command: eip-mcp...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.11 views

SUSE CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References16
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2026-27712

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfsattrleafhasname The calling convention of xfsattrleafhasname is problematic, because it returns a NULL buffer when xfsattr3leafread fails, a valid buffer when xfsattr3leaflookupint returns -ENOATTR or -EEXIST, and ...

5.7AI score0.00138EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.15 views

RHCOS 4 : OpenShift Container Platform 4.8.9 (RHSA-2021:3248)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3248 advisory. - golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header CVE-2021-31525 - golang: net: lookup...

7.5CVSS7.2AI score0.06975EPSS
Exploits4References15
OSV
OSV
added 2026/04/22 6:31 p.m.7 views

GHSA-53GR-WMF4-8HH3 Duplicate Advisory: uutils coreutils's User Interface (UI) Misrepresents Critical Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xv5w-cw7x-72gj. This link is maintained to preserve external references. Original Description The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35371

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...

3.3CVSS0.00123EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35371 uutils coreutils id Misleading Identity Reporting in Pretty Print Mode

The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead of the effective UID when performing a name lookup for the effective user. This results in misleadi...

3.3CVSS5.8AI score0.00123EPSS
Exploits1References1
Rows per page
Query Builder