Lucene search
K

167 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without...

7.5CVSS6AI score0.00508EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.4 views

CVE-2026-52998

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without verifying that the device pointer was valid. Additionally, the...

7.5CVSS0.00508EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.5 views

CVE-2026-52998

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without verifying that the device pointer was valid. Additionally, the...

5.7AI score0.00508EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/24 4:29 p.m.11 views

CVE-2026-52998

CVE-2026-52998 affects the Linux kernel’s netfilter nfnetlink_osf module. The nf_osf_ttl() function can dereference a device pointer (skb->dev) without validating the device, risking a NULL dereference. The patch removes the device dereference and the in_dev_for_each_ifa_rcu loop used to match...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-52998 netfilter: nfnetlink_osf: fix potential NULL dereference in ttl check

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkosf: fix potential NULL dereference in ttl check The nfosfttl function accessed skb-dev to perform a local interface address lookup without verifying that the device pointer was valid. Additionally, the...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51892

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL dereference exists in the nf osf ttl function within the netfilter nfnetlink osf module. The function accessed skb-dev to perform a local interface address lookup withou...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.29 views

EulerOS Virtualization 2.12.0 : avahi (EulerOS-SA-2026-2095)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and...

6.5CVSS5.6AI score0.00353EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.33 views

EulerOS Virtualization 2.12.1 : avahi (EulerOS-SA-2026-2070)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and...

6.5CVSS5.6AI score0.00353EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7CVSS5.4AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 6:55 p.m.11 views

GHSA-7J6W-VVW2-5F9C OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens

Impact In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response is includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...

5.3CVSS5.8AI score0.00083EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 5:5 p.m.15 views

CVE-2026-46424

Budibase vulnerability CVE-2026-46424 affects versions before 3.38.2. The public API endpoint POST /api/public/v1/roles/unassign updates CouchDB user documents but does not invalidate the Redis cache entries used by authentication middleware, so revoked admin/builder/app roles may persist up to 1...

4.2CVSS5.7AI score0.00163EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/20 9:18 a.m.9 views

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7CVSS5.7AI score0.00171EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in net-snmp

The handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP versions 5.8 through 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

6.5CVSS6.8AI score0.52054EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-40622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domai...

8.7CVSS6.1AI score0.00171EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/04 6:33 a.m.12 views

libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...

7.5CVSS5.5AI score0.00395EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/04 6:33 a.m.16 views

GHSA-CQFX-GF56-8X59 libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers

Summary found that libp2p-rendezvous server has no limit on how many namespaces a single peer can register. a malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. keep doing...

7.5CVSS5.5AI score0.00395EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/03 9:59 p.m.17 views

LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

9.4CVSS5.9AI score0.0049EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 6:33 p.m.6 views

CVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer Underflow

strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the...

8.7CVSS5.8AI score0.01013EPSS
Exploits2References4
Rosalinux
Rosalinux
added 2026/03/22 8:49 p.m.7 views

Advisory ROSA-SA-2026-3230

software: avahi 0.8 WASP: ROSA-CHROME unaffected versions = avahi-0.8-12.git35bb1b.4 affected versions avahi-0.8-12.git35bb1b.4 CVE-ID: CVE-2025-68276 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: Vulnerability in Avahi mDNS/DNS-SD. An unprivileged local user can cause an avahi-daemon DoS crash by...

6.5CVSS6.8AI score0.00331EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2025-58063)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-58063 advisory. - CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version...

7.1CVSS5.6AI score0.00407EPSS
Exploits0References1
Rows per page
Query Builder