125 matches found
CVE-2026-47783
In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by saslserveruserdbcheckpass...
PT-2026-42109
Name of the Vulnerable Software and Affected Versions memcached versions prior to 1.6.42 Description Username data for SASL password database authentication contains a timing side channel. This occurs because the sasl server userdb checkpass function utilizes a loop that terminates immediately up...
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
CVE-2026-27855
Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...
CVE-2026-0394
When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...
CVE-2026-0394
When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...
EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2026-1568)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...
EulerOS Virtualization 2.12.1 : util-linux (EulerOS-SA-2026-1468)
According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifical...
EulerOS 2.0 SP12 : util-linux (EulerOS-SA-2026-1414)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...
EulerOS 2.0 SP13 : util-linux (EulerOS-SA-2026-1300)
According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the...
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
TencentOS Server 4: util-linux (TSSA-2025:0975)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0975 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Unity Linux 20.1070e Security Update: util-linux (UTSA-2025-993327)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993327 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: util-linux (UTSA-2025-992154)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992154 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...
Unity Linux 20.1060a / 20.1070a Security Update: util-linux (UTSA-2025-991271)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991271 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...
SUSE CVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
CVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
AZL-72307 CVE-2025-14104 affecting package util-linux for versions less than 2.37.4-10
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...
UBUNTU-CVE-2025-14104
A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function, affecting SUID Set User ID login-utils utilities writing to the password database...