CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

ALPINE-CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

DEBIAN-CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVE-2025-40778

CVE-2025-40778 affects ISC BIND caching behavior: under certain conditions the resolver accepts forged answer data, enabling cache poisoning. Affected versions include 9.11.0–9.16.50, 9.18.0–9.18.39, 9.20.0–9.20.13, 9.21.0–9.21.12, and corresponding S1/build variants. Public advisories (e.g., ALA...

Splunk 注入漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...

Design/Logic Flaw

A vulnerability in the bailiwick checking function in Technitium DNS Server = v7.0 exists that allows specific malicious users to inject NS records of any domain even TLDs into the cache and conduct a DNS cache poisoning attack...

Ubuntu: Security Advisory (USN-4446-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS / 18.04 LTS : Squid regression (USN-4446-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4446-2 advisory. USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the...

USN-4446-2 squid3 regression

USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jeriko One discovered that Squid incorrectly handled caching certain...

Ubuntu 16.04 LTS / 18.04 LTS : Squid vulnerabilities (USN-4446-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4446-1 advisory. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform...

USN-4446-1 squid3 vulnerabilities

Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. CVE-2019-12520 Jeriko One and Kristoffer Danielsson discovered that Squid...

CVE-2017-12173

It was found that sssd's sysdbsearchuserbyupnres function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this fla...

Code Execution Vulnerability in vlcms v1.2.0

vlcms is a management system based on Thinkphp framework to solve the promotion of handicraft. A code execution vulnerability exists in vlcms v1.2.0. The vulnerability is due to modify the site settings, the parameter values into the cache file process fails to filter due to the attacker can use...

Deserialization of untrusted data

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...

CVE-2017-15089

It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...

nginx parsing vulnerability could allow cache poisoning attack-vulnerability warning-the black bar safety net

! Many nginx users will use Google public DNS, OpenDNS or the ISP of the the parser the parser and other parsing program instructions to configure nginx, but among these there is a big risk, the only safe option is running on the local host to a parser. I found that not only the nginx stub resolv...

Composer Cache Injection vulnerability

More info at http://flyingmana.de/blogen/2016/02/14/composercacheinjectionvulnerabilitycve20158371.html...

Composer Cache Injection vulnerability

More info at http://flyingmana.de/blogen/2016/02/14/composercacheinjectionvulnerabilitycve20158371.html...

firefox security update

CentOS Errata and Security Advisory CESA-2007:0079 Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web...