Lucene search
K

230 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. CVE-2026-40208 Note that Nessus relies...

3.7CVSS6.1AI score0.00285EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16: bind / bind-doc / bind-modules-generic / bind-modules-ldap / etc (SUSE-SU-2026:22198-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22198-1 advisory. This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion durin...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References19
Debian CVE
Debian CVE
added 2026/06/25 12:22 p.m.6 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0
CVE
CVE
added 2026/06/25 12:22 p.m.21 views

CVE-2026-40208

CVE-2026-40208 concerns DoH3 servers handling DoH3 GET queries with an invalid DATA frame, potentially delaying processing and causing a denial of service. The available records state the impact as availability loss (LOW) with a CVSS 3.1 base score of 3.7, network-exposed and requiring no privile...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22319-1 Security update for dnsdist

This update for dnsdist fixes the following issues - CVE-2026-0396: crafted DNS queries can allow to inject HTML content bsc1261236. - CVE-2026-0397: CORS misconfiguration can lead to information disclosure bsc1261237. - CVE-2026-24028: crafted DNS response packet can lead to an out-of-bounds rea...

9.1CVSS5.8AI score0.01073EPSS
Exploits0References37
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.11 views

Fedora 44 : dnsdist (2026-51cdd1292b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-51cdd1292b advisory. Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdi...

9.1CVSS6AI score0.01073EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.14 views

Fedora 43 : bind9-next (2026-ec095a4675)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ec095a4675 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

9.8CVSS5.5AI score0.01844EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/06/01 12:58 a.m.25 views

SUSE CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References5
Mageia
Mageia
added 2026/05/29 5:12 a.m.26 views

Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.24 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory. Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could...

9.8CVSS6.1AI score0.01844EPSS
Exploits1References7
OSV
OSV
added 2026/05/21 7:11 p.m.8 views

USN-8293-1 bind9 vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

9.8CVSS6AI score0.01844EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2026/05/21 7:11 p.m.14 views

USN-8293-1: Bind vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

9.8CVSS6AI score0.01844EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/20 1:9 p.m.53 views

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS0.01844EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 1:9 p.m.42 views

CVE-2026-3593

A use-after-free vulnerability exists in BIND 9’s DNS-over-HTTPS implementation. Affected: BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1. Not affected: 9.18.0–9.18.48 and 9.18.11-S1–9.18.48-S1. Impact: memory corruption with potential denial of service or code execution (per Red H...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/05/20 1:9 p.m.9 views

EUVD-2026-31108

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 1:9 p.m.9 views

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:9 p.m.15 views

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/20 1:9 p.m.12 views

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

9.8CVSS5.8AI score0.01844EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:2 a.m.10 views

CoreDNS DoH GET path missing size validation causes CPU and memory amplification

...

8.7CVSS5.8AI score0.00672EPSS
Exploits1
Rows per page
Query Builder