18 matches found
MAL-2026-5399 Malicious code in kraken-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 168f5bafda658807ea431a8cb06a1e3006d639d17b7f0c97d3d63e34f49129d5 On require/load, index.js imports os, dns, https, querystring, and the local package.json, then collects os.hostname, os.userInfo.username, os.homedi...
EUVD-2026-27043
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...
Tenda W3002R security vulnerability
The Tenda W3002R is a wireless router produced by the Chinese company Tenda. The Tenda W3002R has a security vulnerability, which stems from a Cookie session weakness. This vulnerability allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. They ca...
EulerOS Virtualization 3.0.2.2 : c-ares (EulerOS-SA-2023-1246)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...
AlmaLinux 8 : c-ares (ALSA-2022:2043)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2043 advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostname...
CVE-2022-26639
TP-LINK TL-WR840NESV6.20 was discovered to contain a buffer overflow via the DNSServers parameter...
EulerOS Virtualization 3.0.6.0 : c-ares (EulerOS-SA-2022-1057)
According to the versions of the c-ares packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2737)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization 2.9.1 : c-ares (EulerOS-SA-2021-2737)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-2704)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP8 : c-ares (EulerOS-SA-2021-2623)
According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output ...
EulerOS 2.0 SP3 : c-ares (EulerOS-SA-2021-2574)
According to the versions of the c-ares packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output ...
CVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...
Input validation
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...
CVE-2021-22931
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames leading to Domain Hijacking and injection...
Domain Hijacking
c-ares is vulnerable to Domain Hijacking. Missing input validation of host names returned by Domain Name Servers in the c-ares library can lead to output of wrong hostnames leading to Domain Hijacking...
As Internet turns 50, more risks and possibilities emerge
This op-ed originally appeared in the San Francisco Chronicle on October 28, 2019. We occupy a richly-connected world. On the Internet, we collapse distance and shift time. But this Internet that delivers mail, connects us with friends, lets us work anywhere, and shop from the palm of the hand, i...
Three Ways DNS is Weaponized and How to Mitigate the Risk
In the early stages of the “Net”, each computer system participating in this network could only be contacted by knowing its unique 32-bit IP address. As the Net grew into the Internet that we know today, some changes had to be made to allow this system of interconnected computers to communicate wi...