Lucene search
K

876 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in sudo

A flaw was discovered in sudo’s handling of ipahostname. In this process, the ipahostname value from /etc/sssd/sssd.conf was not propagated to sudo. As a result, this leads to a privilege management vulnerability in applications, where client hosts retain privileges even after those privileges ha...

8.8CVSS7.2AI score0.00687EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 8:16 p.m.12 views

CVE-2026-47846

Bitnami Cassandra container images are affected by a retained default superuser vulnerability. When a custom administrator account is configured via the CASSANDRAUSER environment variable, the container initialization script creates the new superuser account but fails to drop the built-in cassand...

9.8CVSS0.00338EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:0 p.m.10 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS5.5AI score0.00594EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:0 p.m.31 views

CVE-2026-44893 Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final and 4.2.15.Final, when decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then...

7.5CVSS0.00594EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 7:2 p.m.9 views

GHSA-CC37-9Q2J-3HFV Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

When decoding a PP2TYPESSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsException...

7.5CVSS5.7AI score0.00594EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.13 views

PT-2026-47564

When decoding a PP2 TYPE SSL TLV, HAProxyMessage.readNextTLV first calls header.retainedSliceheader.readerIndex, length and only then reads the 1-byte client field and 4-byte verify field. If the attacker sets the TLV length below 5, the subsequent readByte/readInt throws IndexOutOfBoundsExceptio...

7.5CVSS5.7AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47607

Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-handler affected versions not specified Description An uncontrolled memory allocation issue exists in the SslClientHelloHandler.decode function. When a ClientHello does not fit in the first record, the system eagerly...

7.5CVSS5.5AI score0.00461EPSS
Exploits0References42
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47604

Name of the Vulnerable Software and Affected Versions netty-codec-haproxy versions prior to 4.1.135.Final netty-codec-haproxy versions prior to 4.2.15.Final Description An issue exists when decoding a PP2 TYPE SSL TLV Type-Length-Value where the readNextTLV function in HAProxyMessage calls...

7.5CVSS5.4AI score0.00594EPSS
Exploits0References26
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Nextcloud Forms 安全漏洞

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. There were security vulnerabilities in versions 4.3.0 to 5.2.7 of NextCloud Forms, which stemmed from unauthorized access to respondent files uploaded through affected forms, due to retained...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References3
Veracode
Veracode
added 2026/05/16 5:34 a.m.11 views

Improper Cleanup Of Namespace Data

OpenBao is vulnerable to improper cleanup of namespace data.The vulnerability is due to incomplete cleanup when retries occur after an initial namespace deletion failure, which allows an attacker to potentially retain access to outstanding leases or leave residual storage entries that should have...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.10 views

CVE-2026-42209

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
NVD
NVD
added 2026/05/08 10:16 p.m.17 views

CVE-2026-42209

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS0.00355EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:40 p.m.16 views

CVE-2026-42209

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/08 9:40 p.m.35 views

CVE-2026-42209 FlashMQ: Division by zero crash when using non-default deferred retained message setting

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS0.00355EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 9:40 p.m.14 views

EUVD-2026-28838

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 9:40 p.m.20 views

CVE-2026-42209

Summary: CVE-2026-42209 affects FlashMQ, a MQTT broker/server for multi-CPU environments. Before v1.26.1, a remote client with retained publish permission can trigger a crash of the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are non-d...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 9:40 p.m.10 views

CVE-2026-42209 FlashMQ: Division by zero crash when using non-default deferred retained message setting

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both setretainedmessagedefertimeout and setretainedmessagedefertimeoutspread are configured to non-default values,...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

FlashMQ 数字错误漏洞

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.1 contained a numerical error vulnerability. This vulnerability could cause the FlashMQ proxy to crash and lead to a denial-of-service attack when the setretainedmessagedefertimeout...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39199

Name of the Vulnerable Software and Affected Versions FlashMQ versions prior to 1.26.1 Description A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both set retained message defer timeout and set retained message defer timeout...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/24 1:22 a.m.5 views

CVE-2026-28950

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...

6.2CVSS6AI score0.0288EPSS
Exploits0References1
Rows per page
Query Builder