Lucene search
K

196 matches found

RedHat Linux
RedHat Linux
added 2021/01/19 1:11 p.m.5 views

dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled

A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...

8.3CVSS7.9AI score0.70754EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/01/19 1:11 p.m.4 views

dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled

A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...

8.3CVSS7.8AI score0.81191EPSS
Exploits0References6
OSV
OSV
added 2020/10/16 6:15 a.m.5 views

DEBIAN-CVE-2020-25829

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This result...

7.5CVSS7.9AI score0.06465EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/20 12:0 a.m.6 views

PowerDNS Recursor Input Validation Error Vulnerability

PowerDNS Recursor pdnsrecursor is a domain name resolution server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Recursor versions 4.1.0 through 4.3.0 that stems from a failure to properly validate DNSSEC signatures. An attacker could exploit the vulnerability to...

7.5CVSS9.4AI score0.02434EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2020/04/10 12:0 a.m.10 views

DNSSEC validation fails when incorrect response to DNSKEY query is sent on Windows Server 2012 R2-based DNS server

DNSSEC validation fails when incorrect response to DNSKEY query is sent on Windows Server 2012 R2-based DNS server This article describes an issue in which the Domain Name System Security Extensions DNSSEC validation fails on a Windows Server 2012 R2-based DNS server. Before you install this...

6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/01/15 12:0 a.m.7 views

The vulnerability of the DNS resolver, knot resolver, arises due to insufficient validation of input data. This allows attackers to convert a domain protected by DNSSEC into a domain that is no longer protected by DNSSEC.

The vulnerability of the DNS resolver, Knot Resolver, exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to convert a domain protected by DNSSEC into a domain that is no longer protected by DNSSEC...

6.5CVSS6.7AI score0.01932EPSS
Exploits0References7Affected Software2
HackRead
HackRead
added 2019/12/19 5:11 p.m.39 views

Google & Mozilla ban Avast security extensions over data snooping

By Sudais In this specific case, it was Avast & AVG Security whose two browser extensions each have been found spying on users... This is a post from HackRead.com Read the original post: Google & Mozilla ban Avast security extensions over data snooping...

3.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2019/11/05 9:15 p.m.3 views

systemd: systemd-resolved allows unprivileged users to configure DNS

An improper authorization flaw was discovered in systemd-resolved in the way it configures the exposed DBus interface org.freedesktop.resolve1. An unprivileged local attacker could call all DBus methods, even when marked as privileged operations. An attacker could abuse this flaw by changing the...

4.4CVSS5.8AI score0.00511EPSS
Exploits1References4
OSV
OSV
added 2018/07/12 3:6 p.m.4 views

USN-3715-1 dns-root-data update

This update adds the latest DNSSEC validation trust anchor required for the upcoming Root Zone KSK Rollover and refreshes the list of root hints...

5.8AI score
Exploits0References2
OSV
OSV
added 2018/01/23 4:29 p.m.4 views

ALPINE-CVE-2017-15107

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...

7.5CVSS6.8AI score0.02646EPSS
Exploits0References1
OSV
OSV
added 2018/01/23 4:29 p.m.4 views

DEBIAN-CVE-2017-15107

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...

7.5CVSS7.4AI score0.02646EPSS
Exploits0References1
OSV
OSV
added 2018/01/23 3:29 p.m.6 views

UBUNTU-CVE-2017-15094

An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or...

5.9CVSS6.6AI score0.03302EPSS
Exploits0References4
OSV
OSV
added 2018/01/23 3:29 p.m.5 views

UBUNTU-CVE-2017-15090

An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of...

5.9CVSS6.5AI score0.00611EPSS
Exploits0References4
CISA
CISA
added 2017/08/21 12:0 a.m.11 views

DNSSEC Key Signing Key Rollover

On October 11, 2017, the Internet Corporation for Assigned Names and Numbers ICANN will be changing the Root Zone Key Signing Key KSK used in the domain name system DNS Security Extensions DNSSEC protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is...

6.7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/01/16 6:31 a.m.9 views

bind: assertion failure while handling a query response containing inconsistent DNSSEC information

A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

7.5CVSS7.2AI score0.24602EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/01/16 6:1 a.m.7 views

bind: assertion failure while handling a query response containing inconsistent DNSSEC information

A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

7.5CVSS7.2AI score0.24602EPSS
Exploits0References5
OSV
OSV
added 2017/01/12 6:59 a.m.5 views

DEBIAN-CVE-2016-9147

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a response containing an inconsistency among the DNSSEC-related RRsets...

7.5CVSS7.3AI score0.24602EPSS
Exploits0References1
n0where
n0where
added 2016/06/08 2:12 a.m.24 views

Firefox Security Toolkit

Firefox Security Toolkit will download the most important security extensions and add them all into your browser. All the extensions have been chosen by a survey among the information security community. Based on the results, the Firefox Security Toolkit was made. Also, the Firefox Security Toolk...

6.3AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/01/28 1:45 p.m.7 views

bind: malformed DNSSEC key failed assertion denial of service

A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query for example, a query requiring a response from a zone containing a deliberately malformed key that would cause named functioning as ...

7.8CVSS6.8AI score0.33652EPSS
Exploits0References5
OSV
OSV
added 2015/07/07 5:0 p.m.5 views

UBUNTU-CVE-2015-4620

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit by constructing crafted zone data and then...

7.8CVSS7.2AI score0.37872EPSS
Exploits0References4
Rows per page
Query Builder