57 matches found
PT-2026-45025
Impact DNSIncoming. log exception debug and the four QuietLogger exception-dedup methods stored an unbounded seen logs dict keyed by strsys.exc info1. The seven IncomingDecodeError messages raised from read name / decode labels at offset RFC 6762 §18 name-decoding error paths all embed self.sourc...
PT-2026-45026
Impact DNSCache. async add inserted every response record into cache, expirations, expire heap, and service cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor DNS PTR MIN TTL = 1125 s, RFC 6762 §10, which actually prolonged attacker-injected records, and a...
PT-2026-45024
Impact DNSIncoming. decode labels at offset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past...
[SECURITY] Fedora 44 Update: kf6-kdnssd-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 integration module for DNS-SD services Zeroconf...
SUSE CVE-2026-32634
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
CVE-2026-32634
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
CVE-2026-32634
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
UBUNTU-CVE-2026-32634
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
CVE-2026-32634
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
CVE-2026-32634
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
CVE-2026-32634
Glances Central Browser mode vulnerability (CVE-2026-32634): prior to 4.5.2, Zeroconf advertising can mislead the browser into using an untrusted server name to create connection URIs, and to look up saved passwords. If a dynamic server reports itself as protected, the untrusted name is also used...
CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...
Linux Distros Unpatched Vulnerability : CVE-2026-32634
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised...
GHSA-VX5F-957P-QPVM Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Summary In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...
Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers
Summary In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...
PT-2026-25821
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.2 Description Glances, a system cross-platform monitoring tool, contains a flaw in Central Browser mode. The software stores both the Zeroconf-advertised server name and the discovered IP address for dynamic...
[SECURITY] [DLA 3466-1] avahi security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3466-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 21, 2023 https://wiki.debian.org/LTS -...
pcp bug fix and enhancement update
Performance Co-Pilot PCP is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Bug Fixes and...
[SECURITY] Fedora 33 Update: avahi-0.8-14.fc33
Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is alread...
Fedora: Security Advisory for avahi (FEDORA-2021-b252318a99)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...