Lucene search
K

46 matches found

Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0032

The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.5CVSS5.9AI score0.00813EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.66 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 2:17 p.m.2 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.9AI score0.00224EPSS
Exploits0References13
CVE
CVE
added 2026/06/12 2:17 p.m.301 views

CVE-2026-45674

CVE-2026-45674 affects Netty DNS resolution: the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Affected versions are 4.1.135.Final and 4.2.15.Final; the issue is patched in those same versions. Potential impact is DNS cache poisoning via missing bai...

10CVSS5.2AI score0.00224EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/06/08 11:2 p.m.14 views

GHSA-676X-F7GG-47VC Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Summary Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Details In io.netty.resolver.dns.DnsResolveContextbuildAliasMap, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds. According to...

8.7CVSS5.5AI score0.00224EPSS
Exploits0References13
BDU FSTEC
BDU FSTEC
added 2026/06/08 12:0 a.m.3 views

The vulnerability of the LookupCNAME() function in the Go programming language allows a perpetrator to trigger a service failure.

The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8CVSS5.8AI score0.00813EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2026/04/23 9:16 p.m.7 views

CVE-2026-6375

A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records PNRs without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw...

8.7CVSS0.00311EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 8:7 p.m.11 views

CVE-2026-6375

CVE-2026-6375 affects SpiceJet’s booking API, where unauthenticated users can enumerate PNRs and retrieve passenger names due to missing authorization checks on an endpoint intended for authenticated profile access. The entry notes a predictable PNR identifier pattern enabling systematic enumerat...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

SpiceJet Online Booking System 安全漏洞

The SpiceJet Online Booking System is an online ticketing system provided by the Indian company SpiceJet. It supports flight inquiries, bookings, and order management. The SpiceJet Online Booking System has a security vulnerability, which stems from the lack of authorization checks. This...

8.7CVSS5.8AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 3:17 p.m.20 views

CVE-2026-35518 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

8.8CVSS0.00686EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 3:17 p.m.3 views

EUVD-2026-19685

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

8.8CVSS6.2AI score0.00686EPSS
Exploits1References1
CVE
CVE
added 2026/02/19 10:43 p.m.22 views

CVE-2026-26952

Technical details beyond the initial description are not provided in the connected documents. Publicly available data describes stored HTML injection in Pi-hole Admin Interface up to version 6.4; no additional technical specifics are included here. Monitor for updates.

5.4CVSS5.7AI score0.0024EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Avahi vulnerabilities (USN-7967-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7967-1 advisory. It was discovered that Avahi incorrectly terminated when processing browser records...

6.5CVSS5.8AI score0.00353EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/01/13 12:25 a.m.5 views

SUSE CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References11
Snyk
Snyk
added 2026/01/12 6:43 p.m.4 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the lookupmulticastcallback function. An attacker can cause a crash by sending unsolicited announcements containing CNAME resource records that point to resource records with short TTLs, which, upon expiration,...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/12 6:41 p.m.1 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the lookupstart process. An attacker can cause a crash of the daemon by sending two unsolicited announcements containing CNAME resource records two seconds apart. Remediation A fix was pushed into the master branc...

7.1CVSS6.3AI score0.00353EPSS
Exploits1References2
NVD
NVD
added 2026/01/12 6:15 p.m.10 views

CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS0.00353EPSS
Exploits1References3
NVD
NVD
added 2026/01/12 6:15 p.m.8 views

CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS0.00331EPSS
Exploits0References3
OSV
OSV
added 2026/01/12 6:15 p.m.6 views

ALPINE-CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS5.4AI score0.00353EPSS
Exploits1References1
OSV
OSV
added 2026/01/12 6:15 p.m.10 views

AZL-74274 CVE-2025-68468 affecting package avahi for versions less than 0.8-5

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1
Rows per page
Query Builder