Lucene search
K

237 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame. CVE-2026-40208 Note that Nessus relies...

3.7CVSS6.1AI score0.00285EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16: bind / bind-doc / bind-modules-generic / bind-modules-ldap / etc (SUSE-SU-2026:22198-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22198-1 advisory. This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion durin...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References19
OSV
OSV
added 2026/06/25 12:22 p.m.1 views

CVE-2026-40208 Denial of service via DoH3 queries

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 12:22 p.m.21 views

CVE-2026-40208

CVE-2026-40208 concerns DoH3 servers handling DoH3 GET queries with an invalid DATA frame, potentially delaying processing and causing a denial of service. The available records state the impact as availability loss (LOW) with a CVSS 3.1 base score of 3.7, network-exposed and requiring no privile...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:22 p.m.7 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS5.9AI score0.00285EPSS
Exploits0
OSV
OSV
added 2026/06/22 2:28 p.m.3 views

SUSE-SU-2026:22319-1 Security update for dnsdist

This update for dnsdist fixes the following issues - CVE-2026-0396: crafted DNS queries can allow to inject HTML content bsc1261236. - CVE-2026-0397: CORS misconfiguration can lead to information disclosure bsc1261237. - CVE-2026-24028: crafted DNS response packet can lead to an out-of-bounds rea...

9.1CVSS5.8AI score0.01073EPSS
Exploits0References37
OSV
OSV
added 2026/06/20 6:53 a.m.2 views

SUSE-SU-2026:22198-1 Security update for bind

This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation bsc1265591. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3593: Heap use-after-free...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.14 views

Fedora 43 : bind9-next (2026-ec095a4675)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ec095a4675 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

9.8CVSS5.5AI score0.01844EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.12 views

Fedora 44 : dnsdist (2026-51cdd1292b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-51cdd1292b advisory. Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdi...

9.1CVSS6AI score0.01073EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/06/01 12:58 a.m.25 views

SUSE CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References5
Mageia
Mageia
added 2026/05/29 5:12 a.m.27 views

Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.24 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Bind vulnerabilities (USN-8293-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8293-1 advisory. Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could...

9.8CVSS6.1AI score0.01844EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2026/05/21 7:11 p.m.15 views

USN-8293-1: Bind vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

9.8CVSS6AI score0.01844EPSS
Exploits1
OSV
OSV
added 2026/05/21 7:11 p.m.8 views

USN-8293-1 bind9 vulnerabilities

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. CVE-2026-3039 Shuhan Zhang discovered that Bind incorrectly handled self-pointed...

9.8CVSS6AI score0.01844EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/05/20 1:9 p.m.53 views

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS0.01844EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 1:9 p.m.46 views

CVE-2026-3593

A use-after-free vulnerability exists in BIND 9’s DNS-over-HTTPS implementation. Affected: BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1. Not affected: 9.18.0–9.18.48 and 9.18.11-S1–9.18.48-S1. Impact: memory corruption with potential denial of service or code execution (per Red H...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:9 p.m.15 views

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 1:9 p.m.9 views

CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 1:9 p.m.9 views

EUVD-2026-31108

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/20 1:9 p.m.23 views

CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

9.8CVSS5.8AI score0.01844EPSS
Exploits0
Rows per page
Query Builder