@garment/plugin-runner-publish (>=0.13.7 <=0.18.0), bower-npm-resolver (=0.11.0) +4 more potentially affected by CVE-2022-0355 via simple-get (=3.0.3)

simple-get NPM version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on simple-get and may be impacted: - @garment/plugin-runner-publish =0.13.7, =3.2.4, =2.0.3, =2.0.5 Source cves: CVE-2022-0355 Source advisory: OSV:GHSA-WPG7-2C88-R8XV...

Mageia: Security Advisory (MGASA-2017-0464)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2022:0151-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0151-1 advisory. - In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, a...

OPENSUSE-SU-2022:0151-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance bsc1192146...

SUSE-SU-2022:0151-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance bsc1192146...

CVE-2022-20614

A missing permission check in Jenkins Mailer Plugin 391.ve4a38c1bcf4b and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname...

MGASA-2021-0560 Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service large delays for responses for client...

CLSA-2021-1639681836 Fix CVE(s): CVE-2021-25219

SECURITY UPDATE: resolver performance degradation via lame cache abuse - debian/patches/CVE-2021-25219.patch: disable lame cache in bin/named/config.c, bin/named/server.c, lib/dns/resolver.c. - CVE-2021-25219...

Lame cache can be abused to severely degrade resolver performance

...

CVE-2021-0954

In ResolverActivity, there is a possible user interaction bypass due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID:...

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

OESA-2021-1459 bind security update

Domain Name System DNS Server. Security Fixes: In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.18 of the BIND 9.17 development branch, exploitation of broken...

golang: net: lookup functions may return invalid host names

A flaw was found in Go. The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in the net package and methods on the Resolver type, may return arbitrary values retrieved from DNS, allowing injection of unexpected contents. The highest threat from this vulnerability is to integri...

OPENSUSE-SU-2021:1502-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance bsc1192146. This update was imported from the SUSE:SLE-15:Update update project...

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2021:3773-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3773-1 advisory. - In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview Edition, a...

OPENSUSE-SU-2021:3773-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance bsc1192146...

SUSE-SU-2021:3773-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance bsc1192146...

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...

CLSA-2021-1637070791 Fix of CVE: CVE-2021-25219

CVE-2021-25219: Fix resolver performance degradation via lame cache abuse...

Fix of CVE: CVE-2021-25219

CVE-2021-25219: Fix resolver performance degradation via lame cache abuse...