CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

Code injection

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

PT-2020-13194 · Cz.Nic +3 · Knot Resolver +3

Name of the Vulnerable Software and Affected Versions: Knot Resolver versions prior to 5.1.1 Description: The issue allows traffic amplification via a crafted DNS answer from an attacker-controlled server, also known as an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME ...

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12667

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12667

Knot Resolver (the Knot-resolver project) is affected by CVE-2020-12667. The vulnerability allows traffic amplification via a crafted DNS answer from an attacker-controlled server, triggered by random subdomains in the NSDNAME field of NS records (NXNSAttack). Affected versions are Knot Resolver ...

EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1571)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DISPUTED The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause...

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Moderate: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Privilege Escalation

kernel is vulnerable to privilege escalation. A flaw was found in the dnsresolver upcall used by CIFS. A local, unprivileged user could redirect a Microsoft Distributed File System link to another IP address, tricking the client into mounting the share from a server of the user's choosing...

Videolabs libmicrodns resource management error vulnerability (CNVD-2020-19846)

Videolabs libmicrodns is a cross-platform mDNS multicast DNS resolver from Videolabs Labs in France. A resource management error exists in resource allocation handling in Videolabs libmicrodns version 0.1.0. The vulnerability stems from mismanagement of system resources e.g., memory, disk space,...

Simplifying the ISP Transition to DNS Encryption

New protocols to encrypt DNS traffic, DNS over HTTPS DoH and DNS over TLS DoT, have been a visible Internet topic for the past two years. Akamai participated in the definition of DoH/DoT standards and recently released support in the high-performance CacheServe resolver. Major features include:...

Videolabs libmicrodns 0.1.0 rr_decode return value remote code execution vulnerability

Summary An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rrdecode function’s return value is not checked, leading to a double free that could be exploited to execute arbitrary...

Videolabs libmicrodns 0.1.0 resource record recursive label uncompression denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attack...

Videolabs libmicrodns 0.1.0 resource allocation denial-of-service vulnerabilities

Summary Multiple exploitable denial-of-service vulnerabilities exist in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustio...

MassDNS - A High-Performance DNS Stub Resolver For Bulk Lookups And Reconnaissance (Subdomain Enumeration)

MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers...

Incorrect Query Responses

postfixmtastsresolver provides incorrect query responses. It can happen due to a lack of improper parsing of query responses from daemon under some conditions, resulting in effective STS policy downgrade...