238 matches found
TencentOS Server 4: bind (TSSA-2025:0564)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0564 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
curl: Integer Overflow to Heap Overflow in DoH Response Handling
Summary: An integer overflow vulnerability exists in the dohprobewritecb function in lib/doh.c. This function is used as a write callback for DNS-over-HTTPS DoH responses. When a malicious DoH server sends a response with a crafted size, the multiplication of size and nmemb can overflow. This lea...
EUVD-2020-19485
Malware in sbrugna...
EUVD-2024-51062
Malicious code in bioql PyPI...
EUVD-2024-22909
Malicious code in bioql PyPI...
FreeBSD : dnsdist -- Denial of service via crafted DoH exchange (c2253bff-9952-11f0-b6e2-6805ca2fa271)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c2253bff-9952-11f0-b6e2-6805ca2fa271 advisory. [email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2...
jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
RHEL 9 : Red Hat Product OCP Tools 4.17 OpenShift Jenkins (RHSA-2025:16456)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16456 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...
SUSE CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
DEBIAN-CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
UBUNTU-CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
CVE-2025-30187
DNSdist is vulnerable when configured to use the nghttp2 library to process DoH queries. The issue is an unbounded I/O read loop in the DoH path that can cause CPU resource exhaustion (DoS). Affected code appears post-1.9.0-alpha1; various advisories recommend upgrading DNSdist to fixed releases....
CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
CVE-2025-30187
In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...
DNSdist 安全漏洞
DNSdist is a highly DNS, DoS and abuse aware load balancer from DNSdist open source. A security vulnerability exists in DNSdist that stems from the use of the nghttp2 library to process DNS over HTTPS queries that may trigger an infinite I/O read loop, which may lead to excessive CPU resource...
dnsdist -- Denial of service via crafted DoH exchange
[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...
SUSE SLES15 Security Update : netty (SUSE-SU-2025:03021-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03021-1 advisory. - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Tenable has extracted the preceding descripti...