Lucene search
+L

382 matches found

Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47614

Name of the Vulnerable Software and Affected Versions Netty ionetty:netty-resolver-dns affected versions not specified Description Insufficient validation of the bailiwick of NS records in DnsResolveContext allows for DNS Cache Poisoning. An attacker controlling an authoritative name server for a...

10CVSS5.5AI score0.00292EPSS
Exploits0References63
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47551

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

8.7CVSS5.5AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 8:54 a.m.12 views

unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options

A flaw was found in Unbound, a Domain Name System DNS resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier NSID or Extension Mechanisms for DNS EDNS Cookie options, or...

8.7CVSS5.8AI score0.00842EPSS
Exploits0References4
Fedora
Fedora
added 2026/05/26 1:22 a.m.16 views

[SECURITY] Fedora 43 Update: bind-9.18.49-1.fc43

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

7.5CVSS5.8AI score0.0181EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.18 views

RHEL 8 : dnsmasq (RHSA-2026:20589)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20589 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server...

8.8CVSS6AI score0.07237EPSS
Exploits3References12
UbuntuCve
UbuntuCve
added 2026/05/22 6:16 p.m.15 views

CVE-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/21 8:3 a.m.17 views

Heap overflow with multiple NSID, COOKIE, PADDING EDNS options

...

8.7CVSS5.8AI score0.00842EPSS
Exploits0
OSV
OSV
added 2026/05/20 1:16 p.m.2 views

CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

5.3CVSS6AI score0.00551EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:9 p.m.14 views

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/20 11:38 a.m.16 views

CVE-2026-42944

A flaw was found in Unbound, a Domain Name System DNS resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier NSID or Extension Mechanisms for DNS EDNS Cookie options, or...

8.7CVSS5.7AI score0.00842EPSS
Exploits0References3
CVE
CVE
added 2026/05/20 9:20 a.m.44 views

CVE-2026-42944

NLnet Labs Unbound 1.14.0–1.25.0 is affected by a heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in replies. The vulnerability requires the options (nsid, answer-cookie, pad-responses) to be enabled, and a querier can trigger the overflow by attaching...

8.7CVSS5.8AI score0.00842EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/05/20 9:18 a.m.36 views

CVE-2026-40622

Affected software: NLnet Labs Unbound (versions 1.16.2 through 1.25.0). Vulnerability: ghost domain names attack that can extend the ghost domain window by up to one cached TTL (cache-max-ttl) by overwriting the cached expired parent‑side referral NS RRset with the child‑side apex NS RRset via a ...

8.7CVSS5.7AI score0.00171EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:18 a.m.9 views

CVE-2026-40622

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7CVSS5.7AI score0.00171EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/20 9:18 a.m.56 views

CVE-2026-40622 Another 'ghost domain names' attack variant

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 9:18 a.m.8 views

CVE-2026-40622 Another 'ghost domain names' attack variant

NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...

8.7CVSS5.7AI score0.00171EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in unbound

Unbound versions up to and including 1.24.1 are vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers into updating their delegation information for the zone. Typically, these RRSets are use...

7.1CVSS7AI score0.00311EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. There are security vulnerabilities in the version of NLnet Labs Unbound from 1.14.0 to 1.25.0. These vulnerabilities stem from the truncation of size calculations when encoding multiple NSIDs and/or DNS Cookies, as...

8.7CVSS5.9AI score0.00842EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.15 views

CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

8.7CVSS5.8AI score0.00842EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 12:0 a.m.13 views

UBUNTU-CVE-2026-42944

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...

8.7CVSS5.8AI score0.00842EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.17 views

ISC BIND 9.20.0 < 9.20.23 / 9.20.9-S1 < 9.20.23-S1 / 9.21.0 < 9.21.22 Vulnerability (cve-2026-5947)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-5947 advisory. - Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming D...

7.5CVSS5.8AI score0.01387EPSS
Exploits0References2
Rows per page
Query Builder