Lucene search
+L

125 matches found

OSV
OSV
added 2026/05/20 5:43 a.m.3 views

CVE-2026-47783

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...

8.1CVSS5.9AI score0.01312EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42109

Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.6.42 Description Username data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass function utilizes a loop that terminates immediately up...

8.1CVSS5.8AI score0.01312EPSS
Exploits0References42
RedHat Linux
RedHat Linux
added 2026/04/09 1:57 a.m.1 views

util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS6.7AI score0.00179EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/27 8:10 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/03/27 8:10 a.m.6 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.3AI score0.00427EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.5 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.8AI score0.00427EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.8 views

EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2026-1568)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...

6.1CVSS5.9AI score0.00179EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.6 views

EulerOS Virtualization 2.12.1 : util-linux (EulerOS-SA-2026-1468)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...

6.1CVSS5.9AI score0.00179EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.3 views

EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2026-1414)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...

6.1CVSS6AI score0.00179EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-1300)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...

6.1CVSS6AI score0.00179EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/04 8:8 p.m.5 views

util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS5.9AI score0.00179EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/02/02 10:18 a.m.6 views

util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS5.9AI score0.00179EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/04 12:0 a.m.7 views

TencentOS Server 4: util-linux (TSSA-2025:0975)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0975 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.1CVSS5.7AI score0.00179EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/31 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: util-linux (UTSA-2025-993327)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993327 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...

6.1CVSS5.6AI score0.00179EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/27 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: util-linux (UTSA-2025-992154)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992154 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...

6.1CVSS5.6AI score0.00179EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/17 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: util-linux (UTSA-2025-991271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991271 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...

6.1CVSS5.6AI score0.00179EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/11 12:46 a.m.5 views

SUSE CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS6.9AI score0.00179EPSS
Exploits0References16
NVD
NVD
added 2025/12/05 5:16 p.m.11 views

CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS0.00179EPSS
Exploits0References12
OSV
OSV
added 2025/12/05 5:16 p.m.7 views

AZL-72307 CVE-2025-14104 affecting package util-linux for versions less than 2.37.4-10

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS7AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 5:16 p.m.2 views

UBUNTU-CVE-2025-14104

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...

6.1CVSS7.2AI score0.00179EPSS
Exploits0References4
Rows per page
Query Builder