SUSE CVE-2018-1110

A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service...

SUSE CVE-2018-5745

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertio...

SUSE CVE-2018-10920

Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache...

SUSE CVE-2018-1000135

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure CWE-200 vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed,...

SUSE CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

SUSE CVE-2020-14312

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option local-service is not...

SUSE CVE-2021-3502

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...

SUSE CVE-2021-23017

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact...

SUSE CVE-2021-25219

In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response...

SUSE CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...

SUSE CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

SUSE CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

SUSE CVE-2022-3204

A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for...

SUSE CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and...

SUSE CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clien...

SUSE CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

SUSE CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

SUSE CVE-2022-40188

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service CPU consumption because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets...

EulerOS 2.0 SP10 : dhcp (EulerOS-SA-2023-1381)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively...

EulerOS 2.0 SP10 : dhcp (EulerOS-SA-2023-1353)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively...