2965 matches found
ALSA-2023:2261 Moderate: bind security and bug fix update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...
EulerOS 2.0 SP11 : bind (EulerOS-SA-2023-1776)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack o...
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2023-1732)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-1776)
The remote host is missing an update for the Huawei EulerOS...
Offchain resolver can be subject to man in the middle attacks
Lines of code Vulnerability details Description Calls to the offchain resolver are produced by the code below: function resolve bytes calldata name, bytes calldata data external view returns bytes memory string memory urls = new string; urls0 = gatewayURL; revert OffchainLookup addressthis, urls,...
The resolver address is redeclared in the "proveAndClaimWithResolver" function, which may cause a potential vulnerability.
Lines of code Vulnerability details Impact The vulnerability may allow an attacker to use a different address and potentially exploit the system for their own gain Proof of Concept address public immutable resolver; The proveAndClaimWithResolver function redeclares the resolver variable even thou...
Anyone can call enableNode and set a node resolver
Lines of code Vulnerability details Impact The lack of access control allows anyone to call the enableNode function and set the ENS resolver to the resolver set in DNSRegistrar if it has not been set before, or it belongs to the previous registrar set on the contract. This results in any unset no...
EulerOS Virtualization 2.9.1 : bind (EulerOS-SA-2023-1619)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance,...
verifySignatureWithKey - RRSIG RR's Signer's Name is never checked if it matches owner name
Lines of code Vulnerability details Impact According to RFC 4035 and as mentioned in the comments in function "verifySignatureWithKey" , the Signer's name should also be checked if it matches the owner name. If the Signer's Name field of an RRSIG record does not match the owner name of a DNSKEY...
A malicious user can impersonate an official address by registering a prefix of it as a name.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A malicious user can impersonate an official address by registering a prefix of it as a name. This is possible because parseAndResolve will first parse an address-style name as address first, and when i...
Debian dla-3394 : asterisk - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3394 advisory. Debian LTS Advisory DLA-3394-1 [email protected]...
Debian: Security Advisory (DLA-3394-1)
The remote host is missing an update for the Debian...
Important: bind
Issue Overview: By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 A flaw was found in the Bind package, where the resolver ca...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
LinkedIn: HTTP Request Smuggling (CL.0) leads to mass redirect users to attacker server without user interaction
Vulnerability description not provided...
Debian: Security Advisory (DLA-3371-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3371-1] unbound security update
Debian LTS Advisory DLA-3371-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany March 29, 2023 https://wiki.debian.org/LTS Package : unbound Version : 1.9.0-2+deb10u3 CVE ID : CVE-2020-28935 CVE-2022-3204 CVE-2022-30698 CVE-2022-30699 Debian Bug : 1016493 977165...
CVE-2023-20917
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
UBUNTU-CVE-2023-20917
In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2023-078)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-078 advisory. NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an Unbound instance. Unbound is queri...