260 matches found

Positive Technologies
added 2025/08/26 12:0 a.m. · 1 views

PT-2025-34800 · Ipfire · Ipfire

Name of the Vulnerable Software and Affected Versions: IPFire version 2.29 Description: The DNS management interface dns.cgi in IPFire fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS HOSTNAME query parameters. This results in a reflected cross-site scripting XSS...

CVSS 6.1 · AI score 6.1 · EPSS 0.00059
Exploits: 1 · References: 6

Tenable Nessus
added 2025/08/24 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-9105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug m...

CVSS 8.8 · AI score 8.5 · EPSS 0.02617
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-30698

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an...

CVSS 6.5 · AI score 6.7 · EPSS 0.00109
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/20 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-30699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an...

CVSS 6.5 · AI score 6.7 · EPSS 0.00109
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/15 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-4408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but...

CVSS 7.5 · AI score 6.8 · EPSS 0.00295
Exploits: 0 · References: 3

OSV
added 2025/04/08 2:15 p.m. · 1 views

DEBIAN-CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

CVSS 8.3 · AI score 6.7 · EPSS 0.00651
Exploits: 0 · References: 1

RedhatCVE
added 2025/02/14 12:18 p.m. · 7 views

CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 9.8 · EPSS 0.94388
Exploits: 11 · References: 4

VulnCheck KEV
added 2024/09/18 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-37582

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 7.5 · EPSS 0.94388
Exploits: 11 · References: 1

OSV
added 2024/09/05 4:52 p.m. · 2 views

CLSA-2024-1725554505 unbound: Fix of CVE-2022-3204

CVE-2022-3204: add max number of lookups in the cache for target nameserver names...

CVSS 7.5 · AI score 7.1 · EPSS 0.00356
Exploits: 0 · References: 1

Redos
added 2024/08/15 12:0 a.m. · 329 views

ROS-20240815-07

A vulnerability in the GNU C Library's nscd nameserver caching daemon is related to the returning a pointer outside the expected range. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the GNU C Library nscd nameserver caching daemon is...

CVSS 8.1 · AI score 7 · EPSS 0.01546
Exploits: 0

OSV
added 2024/07/23 3:15 p.m. · 2 views

DEBIAN-CVE-2024-4076

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...

CVSS 7.5 · AI score 7.8 · EPSS 0.00109
Exploits: 0 · References: 1

Amazon
added 2024/02/19 12:0 a.m. · 1 views

Medium: unbound

Issue Overview: NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation...

CVSS 6.5 · AI score 6.8 · EPSS 0.00109
Exploits: 0

Tenable Nessus
added 2024/02/19 12:0 a.m. · 34 views

Amazon Linux 2 : unbound (ALAS-2024-2468)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2468 advisory. NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. Th...

CVSS 6.5 · AI score 6.9 · EPSS 0.00109
Exploits: 0 · References: 6

Tenable Nessus
added 2023/11/10 12:0 a.m. · 51 views

Apache RocketMQ < 4.9.7 / 5.x < 5.1.2 RCE (CVE-2023-37582)

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 4.9.6 / 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

CVSS 9.8 · AI score 9 · EPSS 0.94388
Exploits: 11 · References: 4

Tenable Nessus
added 2023/11/06 12:0 a.m. · 30 views

Rocky Linux 9 : unbound (RLSA-2022:8062)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8062 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...

CVSS 6.5 · AI score 6.9 · EPSS 0.00109
Exploits: 0 · References: 13

CISA KEV Catalog
added 2023/09/06 12:0 a.m. · 19 views

Apache RocketMQ Command Execution Vulnerability

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

CVSS 9.8 · AI score 7.2 · EPSS 0.94388
In wild · Exploits: 11

GithubExploit
added 2023/07/14 12:22 p.m. · 190 views

Exploit for Code Injection in Apache Rocketmq

CVE-2023-37582 EXPLOIT Apache RocketMQ Arbitrary File Write Vu...

CVSS 9.8 · AI score 9.5 · EPSS 0.94388
Exploits: 11

CNVD
added 2023/07/14 12:0 a.m. · 19 views

Apache RocketMQ Code Injection Vulnerability

Apache RocketMQ is a lightweight data processing platform and messaging engine from the Apache Foundation in the United States. Apache RocketMQ suffers from a code injection vulnerability that originates from an extranet leak of the NameServer address and lack of privilege authentication, which can...

CVSS 9.8 · AI score 7.7 · EPSS 0.94002
Exploits: 1 · References: 1

Github Security Blog
added 2023/07/12 12:31 p.m. · 41 views

RocketMQ NameServer component Code Injection vulnerability

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 9.8 · EPSS 0.94002
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2023/07/12 12:31 p.m. · 0 views

GHSA-GPQ8-963W-8QC9 RocketMQ NameServer component Code Injection vulnerability

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

CVSS 9.8 · AI score 6.2 · EPSS 0.94002
Exploits: 1 · References: 4