Lucene search
+L

160 matches found

OSV
OSV
added 2026/03/07 9:30 a.m.3 views

GHSA-7XRH-HQFC-G7QR Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References6
OSV
OSV
added 2026/03/07 9:16 a.m.3 views

DEBIAN-CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS8.4AI score0.00633EPSS
Exploits0References1
NVD
NVD
added 2026/03/07 9:16 a.m.7 views

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS0.00633EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2026/03/07 9:16 a.m.3 views

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References3
OSV
OSV
added 2026/03/07 9:16 a.m.6 views

UBUNTU-CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/07 8:50 a.m.2 views

CVE-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

5.8AI score0.00633EPSS
Exploits0References1
CVE
CVE
added 2026/03/07 8:50 a.m.60 views

CVE-2026-24281

CVE-2026-24281 — Apache ZooKeeper ZKTrustManager reverse DNS fallback . The vulnerability arises when IP SAN validation fails and ZKTrustManager falls back to PTR-based name resolution, enabling attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with certificat...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References10Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/07 8:50 a.m.7 views

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

5.8AI score0.00633EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/07 8:50 a.m.4 views

CVE-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

5.9CVSS7.2AI score0.00633EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.7 views

Apache Zookeeper 安全漏洞

Apache Zookeeper is a software project of the Apache Foundation in the United States. It provides open-source distributed configuration services, synchronization services, and naming registration capabilities for large-scale distributed computing systems. There is a security vulnerability in Apac...

7.4CVSS7.3AI score0.00633EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/15 2:22 a.m.9 views

EUVD-2026-5835

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS6.6AI score0.01157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/15 2:22 a.m.38 views

CVE-2026-1490 Spam protection, Honeypot, Anti-Spam by CleanTalk <= 6.71 - Authorization Bypass via Reverse DNS (PTR record) Spoofing to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS PTR record spoofing on the 'checkWithoutToken' function in all versions up to, and including, 6.71. This makes it...

9.8CVSS0.01157EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : java-21-openjdk-21.0.3.0.9-1.el8.ML.1 (AXSA:2024-7709:07)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7709:07 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

3.7CVSS7.1AI score0.01361EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : java-11-openjdk-11.0.23.0.9-3.el9.ML.1 (AXSA:2024-7717:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7717:10 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

3.7CVSS6.8AI score0.01361EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-23852

Name of the Vulnerable Software and Affected Versions Apache ZooKeeper versions prior to 3.8.6 Apache ZooKeeper versions prior to 3.9.5 Description A flaw exists in the hostname verification process within Apache ZooKeeper’s ZKTrustManager. When IP Subject Alternative Name SAN validation fails, t...

9.8CVSS5.8AI score0.00633EPSS
Exploits0References312
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2000-0533

Malware in sbrugna...

7.5CVSS6.4AI score0.02139EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2000-0540

Malware in sbrugna...

5CVSS6.4AI score0.01092EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-0178

Malware in sbrugna...

7.5CVSS6.2AI score0.04416EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-0796

Malware in sbrugna...

7.5CVSS6.4AI score0.01396EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2003-0380

Malware in sbrugna...

7.5CVSS8AI score0.05766EPSS
Exploits1References19
Rows per page
Query Builder