Lucene search
K

238 matches found

Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: bind (TSSA-2025:0564)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0564 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7.1AI score0.17935EPSS
Exploits0References3
Hacker One
Hacker One
added 2025/10/25 8:12 p.m.17 views

curl: Integer Overflow to Heap Overflow in DoH Response Handling

Summary: An integer overflow vulnerability exists in the dohprobewritecb function in lib/doh.c. This function is used as a write callback for DNS-over-HTTPS DoH responses. When a malicious DoH server sends a response with a crafted size, the multiplication of size and nmemb can overflow. This lea...

8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-19485

Malware in sbrugna...

6.5CVSS7.8AI score0.01151EPSS
Exploits0References24
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-51062

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.17935EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-22909

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01078EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/25 12:0 a.m.3 views

FreeBSD : dnsdist -- Denial of service via crafted DoH exchange (c2253bff-9952-11f0-b6e2-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c2253bff-9952-11f0-b6e2-6805ca2fa271 advisory. [email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2...

3.7CVSS5.6AI score0.00271EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/09/23 9:47 a.m.6 views

jetty: HTTP/2 (including DNS over HTTPS) contains a design flaw and is vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

A flaw was found in Jetty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

7.7CVSS7AI score0.01567EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/23 12:0 a.m.3 views

RHEL 9 : Red Hat Product OCP Tools 4.17 OpenShift Jenkins (RHSA-2025:16456)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:16456 advisory. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron...

7.7CVSS7.1AI score0.01567EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/09/18 11:26 p.m.5 views

SUSE CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS6.8AI score0.00271EPSS
Exploits0References5
NVD
NVD
added 2025/09/18 10:15 a.m.4 views

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/09/18 10:15 a.m.2 views

DEBIAN-CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS5.2AI score0.00271EPSS
Exploits0References1
OSV
OSV
added 2025/09/18 10:15 a.m.5 views

UBUNTU-CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS5.8AI score0.00271EPSS
Exploits0References5
CVE
CVE
added 2025/09/18 9:21 a.m.25 views

CVE-2025-30187

DNSdist is vulnerable when configured to use the nghttp2 library to process DoH queries. The issue is an unbounded I/O read loop in the DoH path that can cause CPU resource exhaustion (DoS). Affected code appears post-1.9.0-alpha1; various advisories recommend upgrading DNSdist to fixed releases....

3.7CVSS6.3AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/18 9:21 a.m.14 views

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS0.00271EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/09/18 9:21 a.m.7 views

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS5.2AI score0.00271EPSS
Exploits0
OSV
OSV
added 2025/09/18 9:21 a.m.3 views

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS6AI score0.00271EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2025/09/18 9:21 a.m.13 views

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

3.7CVSS6.8AI score0.00271EPSS
Exploits0
CNNVD
CNNVD
added 2025/09/18 12:0 a.m.3 views

DNSdist 安全漏洞

DNSdist is a highly DNS, DoS and abuse aware load balancer from DNSdist open source. A security vulnerability exists in DNSdist that stems from the use of the nghttp2 library to process DNS over HTTPS queries that may trigger an infinite I/O read loop, which may lead to excessive CPU resource...

3.7CVSS6.3AI score0.00271EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2025/09/18 12:0 a.m.5 views

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...

3.7CVSS7AI score0.00271EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

SUSE SLES15 Security Update : netty (SUSE-SU-2025:03021-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03021-1 advisory. - CVE-2025-55163: Fixed 'MadeYouReset' DoS attack in HTTP/2 protocol including DNS over HTTPS bsc1247991 Tenable has extracted the preceding descripti...

8.2CVSS6.6AI score0.01049EPSS
Exploits1References4
Rows per page
Query Builder