GHSA-CFXW-4H78-H7FW DNSJava DNSSEC Bypass
Summary: Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. Details: DNS messages are not authenticated. They do not guarantee that (a) received RRs are authentic, (b) RRs that were not received do not exist, (c) all or any received...
PT-2024-21058 · Dnsjava +2 · Dnsjava +2
Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0. Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...
Huawei EulerOS: Security Advisory for docker-engine (EulerOS-SA-2024-1903)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31147)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31147 advisory. - c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom a...
CBL Mariner 2.0 Security Update: bind (CVE-2023-6516)
The version of bind installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6516 advisory. - To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up t...
dnspython: denial of service in stub resolver
The dnspython stub resolver is vulnerable to a denial of service (DoS) risk if an attacker sends a malicious response forged with the correct address and port before a legitimate one arrives on the UDP port used by dnspython for the query. In such cases, dnspython could either switch to another...
Prototype Pollution
@apphp/object-resolver is vulnerable to Prototype Pollution. The vulnerability is due to manipulation of the prototype via the function Module.setNestedProperty, potentially allowing attackers to modify object properties to execute arbitrary code...
GHSA-64JQ-M7RQ-768H Rancher's External RoleTemplates can lead to privilege escalation
Impact: A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...
GHSA-QJ86-V6M7-4QV2 Object Resolver Prototype Pollution
apphp js-object-resolver 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty...
CVE-2024-36577
The vulnerability affects apphp/js-object-resolver prior to version 3.1.1. It enables Prototype Pollution via Module.setNestedProperty, potentially allowing an attacker to modify object properties and, per Veracode, potentially execute arbitrary code. Remediation: upgrade to 3.1.1 or later.
PT-2024-27076 · Unknown · Js-Object-Resolver
Name of the Vulnerable Software and Affected Versions: js-object-resolver versions prior to 3.1.1. Description: The issue allows for Prototype Pollution via the setNestedProperty function of the Module. This can potentially lead to unintended behavior or security issues. Recommendations: For...
Object Resolver Security Vulnerability
Object Resolver is a general-purpose library by Samuel Akopyan (personal developer). It is used to handle nested attributes in JavaScript objects of unlimited depth. A security vulnerability exists in Object Resolver versions prior to 3.1.1, which stems from allowing an attacker to cause prototype...
RLSA-2024:3275 Moderate: python-dns security update
The python-dns package contains the dnslib module that implements a DNS client and additional modules that define certain symbolic constants used by DNS, such as dnstype, dnsclass and dnsopcode. Security Fix(es): dnspython: denial of service in stub resolver (CVE-2023-29483). For more details about th...
python-dns security update
An update is available for python-dns. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-dns package contains the dnslib module that implements a DNS...
RLSA-2024:3271 Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) probing on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the...
spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) direct...