Lucene search
K

8 matches found

EUVD
EUVD
added 2026/03/20 9:31 p.m.6 views

EUVD-2026-13796

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

5.8AI score0.00292EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/02/02 10:11 p.m.8 views

cert-manager-controller DoS via Specially Crafted DNS Response

Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2025/10/20 2:15 p.m.6 views

UBUNTU-CVE-2025-11678

Stack-based Buffer Overflow in lwsadnsparselabel in warmcat libwebsockets allows, when the LWSWITHSYSASYNCDNS flag is enabled during compilation, to overflow the labelstack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References5
Gitee
Gitee
added 2021/07/03 10:44 a.m.5 views

Exploit for Improper Input Validation in Microsoft

This is a PoC Proof of Concept exploit for CVE-2020-1350, also known as SigRed. The exploit is designed to target DNS servers and allows for remote code execution. The exploit is written in Python and consists of several files: configure.py: This script is used to set up the payload and Apache HT...

10CVSS9.2AI score0.92178EPSS
Exploits21
CNNVD
CNNVD
added 2020/12/08 12:0 a.m.7 views

Contiki Security Vulnerabilities

Contiki is an open source cross-platform operating system for IoT Internet of Things devices. Contiki 3.0 suffers from a security vulnerability that stems from parsing incoming DNS packets without checking if the domain name ends in null. This allows an attacker to compromise memory with a crafte...

7.5CVSS7.1AI score0.02761EPSS
Exploits0References4
CNVD
CNVD
added 2017/05/26 12:0 a.m.4 views

systemd-resolved denial of service vulnerability

systemd-resolved is a system service used to manage network name resolution. A denial of service vulnerability exists in systemd-resolved version 233 and earlier. A remote attacker could use this vulnerability to cause a denial of service daemon crash with a specially crafted DNS response...

7.5CVSS6.8AI score0.15422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/05/24 12:0 a.m.3 views

PT-2017-18793 · Systemd +2 · Systemd-Resolved +2

Name of the Vulnerable Software and Affected Versions: systemd-resolved versions through 233 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a crafted DNS response with an empty question section. Recommendations: For versions through...

10CVSS6.5AI score0.55116EPSS
Exploits1References53
OSV
OSV
added 2017/04/20 10:59 p.m.4 views

CVE-2017-6607

A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker...

8.7CVSS5.8AI score0.02392EPSS
Exploits0References3
Rows per page
Query Builder