14 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: munge (UTSA-2026-014299)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014299 advisory. MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in...
AZL-77444 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
UBUNTU-CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
CVE-2026-25506 affects MUNGE: from version 0.5 up to 0.5.17, a local attacker can trigger a buffer overflow in munged to leak cryptographic key material from process memory, enabling forging of arbitrary MUNGE credentials and impersonation of users (including root) on services relying on MUNGE fo...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506 MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
munge -- CWE-787: Out-of-bounds Write
https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak...
PT-2026-7436
Name of the Vulnerable Software and Affected Versions MUNGE versions 0.5.0 through 0.5.17 Description MUNGE MUNGE Uid 'N' Gid Emporium is an authentication service used by workload managers like Slurm. A buffer overflow exists in the munged daemon, specifically within the msg unpack function when...
CVE-2025-57618
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...
CVE-2025-57618
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...
PT-2025-42163
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as...