57 matches found

Positive Technologies
added 2026/05/29 12:0 a.m., 13 views

PT-2026-45025

Impact: DNSIncoming._log_exception_debug and the four QuietLogger exception-dedup methods stored an unbounded _seen_logs dict keyed by str(sys.exc_info()[1]). The seven IncomingDecodeError messages raised from _read_name / _decode_labels_at_offset (RFC 6762 §18 name-decoding error paths) all embed self.sourc...

CVSS 6.5, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 16
Positive Technologies
added 2026/05/29 12:0 a.m., 12 views

PT-2026-45026

Impact: DNSCache._async_add inserted every response record into cache, _expirations, _expire_heap, and service_cache with no cap on entry count. The only pre-existing protection was a PTR TTL floor (_DNS_PTR_MIN_TTL = 1125 s, RFC 6762 §10), which actually prolonged attacker-injected records, and a...

CVSS 6.5, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 16
Positive Technologies
added 2026/05/29 12:0 a.m., 17 views

PT-2026-45024

Impact: DNSIncoming._decode_labels_at_offset recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past...

CVSS 6.5, AI score 5.8, EPSS 0.0002
Exploits: 0, References: 16
Fedora
added 2026/04/16 11:42 p.m., 8 views

[SECURITY] Fedora 44 Update: kf6-kdnssd-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 integration module for DNS-SD services Zeroconf...

AI score 5.8
Exploits: 0
SUSE CVE
added 2026/03/20 12:24 a.m., 4 views

SUSE CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 3
NVD
added 2026/03/18 6:16 p.m., 5 views

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, EPSS 0.00282
Exploits: 1, References: 3
UbuntuCve
added 2026/03/18 6:16 p.m., 5 views

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.9, EPSS 0.00282
Exploits: 1, References: 4
OSV
added 2026/03/18 6:16 p.m., 11 views

UBUNTU-CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 5
AlpineLinux
added 2026/03/18 5:55 p.m., 4 views

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 3
ATTACKERKB
added 2026/03/18 5:55 p.m., 2 views

CVE-2026-32634

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2026/03/18 5:55 p.m., 18 views

CVE-2026-32634

Glances Central Browser mode vulnerability (CVE-2026-32634): prior to 4.5.2, Zeroconf advertising can mislead the browser into using an untrusted server name to create connection URIs, and to look up saved passwords. If a dynamic server reports itself as protected, the untrusted name is also used...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/03/18 5:55 p.m., 6 views

CVE-2026-32634 Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead ...

CVSS 8.1, AI score 5.9, EPSS 0.00282
Exploits: 1, References: 5
Tenable Nessus
added 2026/03/18 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-32634

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised...

CVSS 8.1, AI score 5.1, EPSS 0.00282
Exploits: 1, References: 3
OSV
added 2026/03/16 4:36 p.m., 5 views

GHSA-VX5F-957P-QPVM Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Summary: In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...

CVSS 8.1, AI score 5.9, EPSS 0.00282
Exploits: 1, References: 5
Github Security Blog
added 2026/03/16 4:36 p.m., 10 views

Glances Central Browser Autodiscovery Leaks Reusable Credentials to Zeroconf-Spoofed Servers

Summary: In Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances...

CVSS 8.1, AI score 5.9, EPSS 0.00282
Exploits: 1, References: 5, Affected Software: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 1 views

PT-2026-25821

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.2. Description: Glances, a system cross-platform monitoring tool, contains a flaw in Central Browser mode. The software stores both the Zeroconf-advertised server name and the discovered IP address for dynamic...

CVSS 8.1, AI score 5.8, EPSS 0.00282
Exploits: 1, References: 28
Debian
added 2023/06/21 10:49 p.m., 39 views

[SECURITY] [DLA 3466-1] avahi security update

Debian LTS Advisory DLA-3466-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 21, 2023 https://wiki.debian.org/LTS -...

CVSS 5.5, AI score 5.9, EPSS 0.0045
Exploits: 0
AlmaLinux
added 2021/09/21 7:13 a.m., 14 views

pcp bug fix and enhancement update

Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Bug Fixes and...

AI score 2.7
Exploits: 0
Fedora
added 2021/08/19 1:11 a.m., 44 views

[SECURITY] Fedora 33 Update: avahi-0.8-14.fc33

Avahi is a system which facilitates service discovery on a local network -- this means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is alread...

AI score 1.7
Exploits: 0
OpenVAS
added 2021/08/19 12:0 a.m., 27 views

Fedora: Security Advisory for avahi (FEDORA-2021-b252318a99)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

AI score 5.7
Exploits: 0, References: 2