bind: BIND: Denial of Service via specially crafted DNS messages

A flaw was found in the bind component, specifically within the named daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System DNS messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the named daemon when...

bind: BIND: Denial of Service via specially crafted DNS messages

A flaw was found in the bind component, specifically within the named daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System DNS messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the named daemon when...

EUVD-2026-31107

Multiple flaws have been identified in named related to the handling of DNS messages whose CLASS is not Internet IN — for example, CHAOS or HESIOD, or DNS messages that specify meta-classes ANY or NONE in the question section. Specially crafted requests reaching the affected code paths — recursio...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in freemap adjustment during the process of adding extended attributes to extents by the...

CLSA-2026-1777393215 openldap: Fix of 15 CVEs

CVE-2019-13565: SASL session encryption SSF not reset on new connection, allowing downgrade - CVE-2020-12243: slapd crash via deeply nested LDAP search filter boolean expressions - CVE-2020-25692: NULL pointer dereference in slapd during modRDN request - CVE-2020-25709: slapd assertion failure...

CLSA-2026-1777310722 openldap: Fix of 15 CVEs

CVE-2019-13565: SASL session encryption SSF not reset on new connection, allowing downgrade - CVE-2020-12243: slapd crash via deeply nested LDAP search filter boolean expressions - CVE-2020-25692: NULL pointer dereference in slapd during modRDN request - CVE-2020-25709: slapd assertion failure...

systemd 安全漏洞

Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Systemd versions from v239 to v259.2 and earlier contain...

nghttp2 安全漏洞

nghttp2 is a C library developed under open source by nghttp2. Versions of nghttp2 prior to 1.68.1 contained security vulnerabilities; these vulnerabilities stemmed from the lack of internal state validation, which could lead to assertion failures...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to execute the ndosetrxmode callback in the work queue, potentially leading to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the cpswnew driver not executing the ndosetrxmode callback in the work queue, potentially leading...

Silicon Labs Simplicity SDK 安全漏洞

Silicon Labs Simplicity SDK is a core software development kit provided by Silicon Labs, Inc. in the United States. The Silicon Labs Simplicity SDK has a security vulnerability. This vulnerability arises from truncated 802.15.4 packet data, which may lead to assertion failures and potentially cau...

MiracleLinux 8 : bind9.16-9.16.23-0.22.el8_10 (AXSA:2024-8665:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8665:02 advisory. bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam CVE-2024-1737 bind9: bind: SIG0 can be used to exhaust...

MiracleLinux 9 : galera-26.4.11-1.el9, mariadb-10.5.16-2.el9, mysql-selinux-1.0.5-1.el9 (AXSA:2022-4045:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4045:01 advisory. mariadb: MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used CVE-2021-46669...

CVE-2025-61684

CVE-2025-61684 affects Quicly, an IETF QUIC protocol implementation. The vulnerability is a denial-of-service caused by an assertion failure that crashes the process, exploitable before commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. The issue is mitigated by the mentioned commit which fixes the...

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

CVE-2025-61684 Quicly has assertion failures

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

Quicly input validation error vulnerability

Quicly is an implementation of the IETF QUIC protocol developed by H2O OpenSource. Previous versions of Quicly had a vulnerability related to input validation errors. This vulnerability allowed remote attackers to exploit these errors to trigger assertion failures, potentially causing processes...

quic-go 安全漏洞

quic-go is an implementation of the QUIC protocol, RFC 9000 protocol in Go by Lucas Clemente, a personal developer. A security vulnerability in quic-go versions prior to 0.49.0, prior to 0.54.1, and prior to 0.55.0, which stems from improper handling of assertion failures, could lead to a denial ...

EUVD-2016-10341

Malware in sbrugna...

EUVD-2016-8273

Malware in sbrugna...