1221 matches found

AlpineLinux
added 2019/07/30 10:16 p.m. | 43 views

CVE-2019-10163

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured a...

CVSS 4.3 | AI score 5.7 | EPSS 0.01003
Exploits: 0

Debian CVE
added 2019/07/30 10:16 p.m. | 34 views

CVE-2019-10163

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured a...

CVSS 4.3 | AI score 4.1 | EPSS 0.01003
Exploits: 0

CVE
added 2019/07/30 10:15 p.m. | 290 views

CVE-2019-10162

PowerDNS Authoritative Server vulnerability CVE-2019-10162 affects versions prior to 4.1.10 and 4.0.8. An authorized user can cause the server to terminate by inserting a crafted MASTER zone record, triggered when the server parses NS/A/AAAA data for an outgoing NOTIFY. The issue is tied to how p...

CVSS 7.5 | AI score 7.1 | EPSS 0.01691
Exploits: 0 | References: 5 | Affected Software: 1

AlpineLinux
added 2019/07/30 10:15 p.m. | 643 views

CVE-2019-10162

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...

CVSS 7.5 | AI score 7.3 | EPSS 0.01691
Exploits: 0

Openbugbounty
added 2019/07/10 7:3 a.m. | 6 views

plumeliaedizioni.it Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-887135. Security Researcher Renzi (helped patch 6742 vulnerabilities, received 8 Coordinated Disclosure badges, received 36 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting plumeliaedizioni.it website a...

AI score 0.1
Exploits: 0

CNVD
added 2019/06/25 12:0 a.m. | 2 views

PowerDNS Authoritative Server Denial of Service Vulnerability

PowerDNS Authoritative Server is a DNS server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Authoritative Server version 4.1.8 and earlier. An attacker can exploit this vulnerability by sending a large number of NOTIFY packets to cause a denial of service...

CVSS 4.3 | AI score 8.6 | EPSS 0.01003
Exploits: 0 | References: 1

OpenVAS
added 2019/06/25 12:0 a.m. | 77 views

PowerDNS Authoritative Server NOTIFY Packets DoS Vulnerability (2019-05)

PowerDNS Authoritative Server is prone to a denial of service (DoS) via NOTIFY packets. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 4.3 | AI score 4.7 | EPSS 0.01003
Exploits: 0 | References: 1

Tenable Nessus
added 2019/06/24 12:0 a.m. | 31 views

Debian DSA-4470-1 : pdns - security update

Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...

CVSS 7.5 | AI score 5.6 | EPSS 0.01691
Exploits: 0 | References: 5

The Hacker News
added 2019/06/06 12:34 p.m. | 2 views

Cryptocurrency Firm Itself Hacked Its Customers to Protect Their Funds From Hackers

Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a...

AI score 7.2
Exploits: 0

Node.js
added 2019/06/05 3:40 p.m. | 15 views

Malicious Package

Overview: All versions of electron-native-notify contain malicious code. The package was part of a targeted attack to steal cryptocurrency wallet seeds and upload them to a remote server, effectively giving attackers access to users' wallets. Recommendation: Remove the package from your environment...

AI score 6.9
Exploits: 0 | Affected Software: 1

OSV
added 2019/05/21 6:29 p.m. | 4 views

CVE-2019-12252

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can view an arbitrary post by appending its number to the SDNotify.do?notifyModule=Solution&mode=E-Mail&notifyTo=SOLFORWARD&id= substring...

CVSS 6.5 | AI score 6.7 | EPSS 0.08359
Exploits: 4 | References: 4

OSV
added 2019/01/16 8:29 p.m. | 2 views

ALPINE-CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

CVSS 3.7 | AI score 7 | EPSS 0.05375
Exploits: 0 | References: 1

Debian CVE
added 2019/01/16 8:0 p.m. | 27 views

CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

CVSS 5.3 | AI score 6.3 | EPSS 0.05375
Exploits: 0

RedHat Linux
added 2018/12/13 3:59 p.m. | 3 views

kernel: Use-after-free in sys_mq_notify()

A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system...

CVSS 7.8 | AI score 7.1 | EPSS 0.03631
Exploits: 8 | References: 4

RedHat Linux
added 2018/11/13 5:54 p.m. | 3 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.7 | EPSS 0.03228
Exploits: 8 | References: 4

RedHat Linux
added 2018/11/13 5:52 p.m. | 4 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.7 | EPSS 0.03228
Exploits: 8 | References: 4

RedHat Linux
added 2018/11/13 4:36 p.m. | 2 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.7 | EPSS 0.03228
Exploits: 8 | References: 4

OSV
added 2018/11/12 5:32 p.m. | 2 views

USN-3816-1 systemd vulnerabilities

Jann Horn discovered that unit_deserialize incorrectly handled status messages above a certain length. A local attacker could potentially exploit this via NotifyAccess to inject arbitrary state across re-execution and obtain root privileges. (CVE-2018-15686) Jann Horn discovered a race condition in...

CVSS 7.8 | AI score 6.8 | EPSS 0.02279
Exploits: 9 | References: 4

RedHat Linux
added 2018/11/06 3:35 p.m. | 3 views

kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function...

CVSS 5.5 | AI score 6.6 | EPSS 0.03228
Exploits: 8 | References: 4

Exploit DB
added 2018/11/05 12:0 a.m. | 31 views

Microsoft Internet Explorer 11 - Null Pointer Dereference

Exploit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0 Update Versions: 11.0.90 KB4462949 11.1387.15063.0 Upda...

AI score 7.4
Exploits: 0