227 matches found
Fedora: Security Advisory (FEDORA-2025-93d7b9a5d5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 42 : unbound (2025-93d7b9a5d5)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-93d7b9a5d5 advisory. Fix CVE-2025-11411 possible domain hijacking attack, reported by Yuxiao Wu, Yunyi Zhang, Baojun Liu and Haixin Duan from Tsinghua University. Tenable has...
Unbound DNS Resolver < 1.24.2 Domain Hijacking Vulnerabilities
Unbound DNS Resolver is prone to a domain hijacking vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Possible domain hijacking via promiscuous records in the authority section
...
NLnet Labs Unbound 安全漏洞
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. A security vulnerability exists in NLnet Labs Unbound version 1.24.0 and earlier, which stems from an uncleaned set of unsolicited NS records and could lead to a domain hijacking attack...
EUVD-2021-30452
Malicious code in bioql PyPI...
EUVD-2025-6157
Malicious code in bioql PyPI...
EUVD-2023-1120
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : c-ares Vulnerability (NS-SA-2025-0226)
The remote NewStart CGSL host, running version MAIN 6.06, has c-ares packages installed that are affected by a vulnerability: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which...
CVE-2023-28109
Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...
Alibaba Cloud Linux 3 : 0072: nodejs:14 (ALINUX3-SA-2021:0072)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0072 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-22930: RESERVED This candidate ha...
CBL Mariner 2.0 Security Update: CBL-Mariner Releases / c-ares / pgbouncer (CVE-2021-3672)
The version of CBL-Mariner Releases / c-ares / pgbouncer installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3672 advisory. - A flaw was found in c-ares library, where a missing input validation check...
CVE-2024-57174
A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access...
BIT-NODE-MIN-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...
BIT-NODE-MIN-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...
Ubuntu: Security Advisory (USN-7047-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 20.04 LTS : Knot Resolver vulnerabilities (USN-7047-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7047-1 advisory. Vladimr unt discovered that Knot Resolver incorrectly handled input during DNSSEC validation. A remote attacker could possibly use this issue to bypass...
NewStart CGSL MAIN 6.02 : c-ares Multiple Vulnerabilities (NS-SA-2024-0066)
The remote NewStart CGSL host, running version MAIN 6.02, has c-ares packages installed that are affected by multiple vulnerabilities: - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnam...
Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique
Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system DNS, is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily...
Don’t Let Your Domain Name Become a “Sitting Duck”
More than a million domain names -- including many registered by Fortune 100 firms and brand protection companies -- are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image:...