Lucene search
K

110 matches found

FreeBSD
FreeBSD
added 2025/07/21 12:0 a.m.6 views

powerdns-recursor -- cache pollution

PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and...

7.5CVSS7.2AI score0.00229EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/06/08 2:54 p.m.7 views

Omise: Cache Pollution via Unkeyed GET Parameters on www.omise.co

The CDN serving the website appeared to cache pages based on the full URL, including arbitrary query parameters, without normalizing or properly keying them. This behavior resulted in cache pollution, where the cache was filled with redundant versions of the same page...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.28 views

Linux Distros Unpatched Vulnerability : CVE-2016-8743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers...

7.5CVSS6.8AI score0.13252EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.9 views

PT-2025-43559

Name of the Vulnerable Software and Affected Versions PDNS Recursor versions prior to 5.2.6-0+deb13u1 Description Insufficient validation of delegation information could lead to cache pollution in PDNS Recursor, a resolving name server. The changes required to address this are too extensive to...

6.5CVSS5.4AI score0.00122EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-43558

Name of the Vulnerable Software and Affected Versions PowerDNS Recursor versions prior to 5.2.6-0+deb13u1 Description Insufficient validation of delegation information could lead to cache pollution in PowerDNS Recursor, a resolving name server. Updates will not be backported to the version of PDN...

8.5CVSS6.4AI score0.00266EPSS
Exploits0References24
CNNVD
CNNVD
added 2024/10/08 12:0 a.m.7 views

Discourse 安全漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse has a security vulnerability. An attacker could issue multiple XHR requests until the cache was polluted by a response without any...

8.2CVSS6.5AI score0.01593EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.4 views

SUSE CVE-2016-8743

Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-en...

7.5CVSS8.4AI score0.13252EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.5 views

SUSE CVE-2018-14626

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service...

5.3CVSS7.7AI score0.02721EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.1 views

SUSE CVE-2019-15608

The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack...

5.9CVSS6.4AI score0.01783EPSS
Exploits1References3
F5 Networks
F5 Networks
added 2022/12/15 9:58 p.m.79 views

K00373024: Apache vulnerability CVE-2016-8743

Security Advisory Description Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of...

7.5CVSS6.6AI score0.13252EPSS
Exploits0Affected Software16
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.24 views

Ubuntu: Security Advisory (USN-77-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.50775EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/09 10:49 p.m.58 views

TOCTOU Race Condition in Yarn

The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0...

5.9CVSS5.7AI score0.01783EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/02/09 10:49 p.m.26 views

GHSA-HJXC-462X-X77J TOCTOU Race Condition in Yarn

The package integrity validation in yarn 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0...

5.9CVSS5.4AI score0.01783EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/05/27 12:0 a.m.6 views

PT-2021-9168 · Red Hat · Ansible Tower

Name of the Vulnerable Software and Affected Versions: Ansible Tower versions prior to 3.6.4 Ansible Tower versions prior to 3.5.6 Ansible Tower versions prior to 3.4.6 Description: A flaw was found in Ansible Tower when running Openshift, where Tower runs a memcached accessed via TCP. An attacke...

4.4CVSS6.6AI score0.00239EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/01/06 12:0 a.m.74 views

IBM HTTP Server 7.0.0.0 < 7.0.0.43 / 8.0.0.0 < 8.0.0.14 / 8.5.0.0 < 8.5.5.12 / 9.0.0.0 < 9.0.0.3 Response Splitting (289001)

The version of IBM HTTP Server running on the remote host is affected by a vulnerability related to Apache HTTP Server. Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these...

7.5CVSS6.4AI score0.13252EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/11/05 12:0 a.m.15 views

MediaWiki Information Disclosure Vulnerability (Jan 2012) - Windows

MediaWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5CVSS7.3AI score0.0137EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/10/20 12:0 a.m.28 views

FreeBSD : powerdns-recursor -- cache pollution (a6860b11-0dee-11eb-94ff-6805ca2fa271)

PowerDNS Team reports : CVE-2020-25829: An issue has been found in PowerDNS Recursor where a remote attacker can cause the cached records for a given name to be updated to the 'Bogus' DNSSEC validation state, instead of their actual DNSSEC 'Secure' state, via a DNS ANY query. This results in a...

7.5CVSS7.8AI score0.06465EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/10/19 12:0 a.m.26 views

openSUSE Security Update : pdns-recursor (openSUSE-2020-1687)

This update for pdns-recursor fixes the following issues : -pdns-recursorwas updated to 4.1.1 and 4.3.5 : - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation boo1177383 - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication boo1173302. C...

7.5CVSS7.2AI score0.06465EPSS
Exploits0References4
OSV
OSV
added 2020/10/17 2:22 p.m.4 views

OPENSUSE-SU-2020:1687-1 Security update for pdns-recursor

This update for pdns-recursor fixes the following issues: -pdns-recursorwas updated to 4.1.1 and 4.3.5: - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation boo1177383 - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication boo1173302...

7.5CVSS5.9AI score0.06465EPSS
Exploits0References5
Veracode
Veracode
added 2020/08/06 9:38 p.m.29 views

Denial Of Service (DoS)

PowerDNS Authoritative Server are vulnerable to denial of service DoS. It is causing a packet cache pollution via crafted query that can lead to denial of service...

7.5CVSS3.8AI score0.02721EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder