Lucene search
K

427 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 1:43 a.m.15 views

container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command

Product Name: container Github Link: https://github.com/apple/container Version: = 0.12.2 Summary The container system dns create --localhost command accepts a domainName argument and passes it unsanitized into the pf anchor file /etc/pf.anchors/com.apple.container as a comment in a rule line. A...

6AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:40 a.m.8 views

CVE-2026-43088

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References6Affected Software1
Debian CVE
Debian CVE
added 2026/05/06 7:40 a.m.6 views

CVE-2026-43088

In the Linux kernel, the following vulnerability has been resolved: net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy 32 bytes on the wire. However, pfkeysockaddrfill initializes only th...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.15 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the last four bytes of the sockaddrin6 structure in the PFKEY export path are not...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-43088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: afkey: zero aligned sockaddr tail in PFKEY exports PFKEY export paths use pfkeysockaddrsize when reserving sockaddr payload space, so IPv6 addresses occupy...

5.5CVSS6.2AI score0.00122EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.9 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the unused skbheaderpointer function in the TCPv4 GSO fragoff check, which results in a direct dereference o...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/23 1:25 a.m.7 views

SUSE CVE-2026-31490

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xesriovpfmigrationrestoreproduce, the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write calls. Set the pointer...

5.6AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24860

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xesriovpfmigrationrestoreproduce, the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write calls. Set the pointer...

5.6AI score0.0012EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 2:16 p.m.7 views

CVE-2026-31490

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xesriovpfmigrationrestoreproduce, the data pointer is not set to NULL, which can trigger use-after-free in subsequent .write calls. Set the pointer...

7.8CVSS0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 1:54 p.m.1 views

CVE-2026-31515 af_key: validate families in pfkey_send_migrate()

In the Linux kernel, the following vulnerability has been resolved: afkey: validate families in pfkeysendmigrate syzbot was able to trigger a crash in skbput 1 Issue is that pfkeysendmigrate does not check old/new families, and that setipsecrequest @family argument was truncated, thus possibly...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013473)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013473 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during pf initialization The devlink reload proce...

5.5CVSS5.6AI score0.00222EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/04/16 9:31 p.m.7 views

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

8.1CVSS5.8AI score0.00382EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/03/30 9:44 p.m.159 views

Exploit for Out-of-bounds Write in Apple Ipados

CVE-2026-20698 — XNU Kernel Heap Overflow via PFROUTE RTAGEN...

7.8CVSS6.1AI score0.00326EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/03/03 9:29 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: The sun4iCan driver does not populate the ndochangemtu function, allowing for a buffer overflow. Sending a PFPACKET request allows bypassing the CAN driver’s logic and directly reaching the xmit function of the CAN driver. The on...

7AI score0.0022EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/23 1:30 p.m.5 views

CVE-2019-25442

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

8.8CVSS5.7AI score0.0038EPSS
Exploits1References1
OSV
OSV
added 2026/02/22 2:16 p.m.4 views

CVE-2019-25442

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

7.5CVSS5.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/22 1:18 p.m.3 views

CVE-2019-25442 Web Wiz Forums 12.01 SQL Injection via PF Parameter

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

8.8CVSS6AI score0.0038EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/22 1:18 p.m.5 views

CVE-2019-25442

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

8.8CVSS5.9AI score0.0038EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/22 1:18 p.m.26 views

CVE-2019-25442 Web Wiz Forums 12.01 SQL Injection via PF Parameter

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to memberprofile.asp with malicious PF values to extract sensitive database information...

8.8CVSS0.0038EPSS
Exploits1References2
NVD
NVD
added 2026/02/15 1:16 p.m.9 views

CVE-2026-2517

A security flaw has been discovered in Open5GS up to 2.7.6. This vulnerability affects the function ogsgtp2parsetft in the library lib/gtp/v2/types.c of the component SMF. Performing a manipulation of the argument pf0.content.length results in denial of service. The attack is possible to be carri...

7.5CVSS0.00499EPSS
Exploits1References6
Rows per page
Query Builder