2965 matches found
CVE-2022-24793
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...
CVE-2022-24793 Potential heap buffer overflow when parsing DNS packets in PJSIP
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...
CLSA-2022-1649170483 Fix CVE(s): CVE-2021-25220
SECURITY UPDATE: cache poisoning via bogus NS records - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of records into the cache in lib/dns/resolver.c. - CVE-2021-25220...
[SECURITY] Fedora 34 Update: bind-9.16.27-1.fc34
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
[SECURITY] Fedora 36 Update: bind-9.16.27-1.fc36
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
AlmaLinux 8 : nginx:1.20 (ALSA-2022:0323)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0323 advisory. nginx: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name CVE-2021-23017 Tenable has extracted the preceding description blo...
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
Hardcoded credentials
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
Home Assistant 安全漏洞
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. A security vulnerability exists in the Home Assistant Operating System and Supervised that allows a DNS operator to gain knowledge about internal network resources...
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration...
EulerOS 2.0 SP5 : bind (EulerOS-SA-2022-1261)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as wel...
CLSA-2022-1646085758 Fix of CVE: CVE-2021-23017
CVE-2021-23017: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name...
CLSA-2022-1646060645 Fix of CVE: CVE-2021-23017
CVE-2021-23017: Off-by-one in ngxresolvercopy when labels are followed by a pointer to a root domain name...
EulerOS 2.0 SP10 : bind (EulerOS-SA-2022-1237)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as wel...
Moderate: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Injection
Overview std/net is a Go standard library package std/net Affected versions of this package are vulnerable to Injection. Go Vulnerability Report: The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions and their respective methods on the Resolver type may return arbitrary values...
GO-2021-0239 Improper sanitization when resolving values from DNS in net
The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions and their respective methods on the Resolver type may return arbitrary values retrieved from DNS which do not follow the established RFC 1035 rules for domain names. If these names are used without further sanitization, for...
bind security update
32:9.8.2-0.68.rc1.0.3.8 - Backport fix for CVE-2018-5741 Orabug: 33496185 32:9.8.2-0.68.rc1.0.2.8 - Backport possible assertion failure on DNAME processing CVE-2021-25215 32:9.8.2-0.68.rc1.0.1.8 - Backport the fix for buffer overflow CVE-2020-8625 Orabug: 32588749 32:9.8.2-0.68.rc1.8 - Fix...
Oracle Linux 8 : nginx:1.20 (ELSA-2022-0323)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0323 advisory. 1.20.1-1.0.1 - Remove Red Hat references Orabug: 29498217 1:1.20.1-1 - rebase to 1.20.1 addressing CVE-2021-23017 Tenable has extracted the preceding descriptio...
nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name
A flaw was found in nginx. An off-by-one error while processing DNS responses allows a network attacker to write a dot character out of bounds in a heap allocated buffer which can allow overwriting the least significant byte of next heap chunk metadata likely leading to a remote code execution in...