Lucene search
K

198 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago6 views

dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)

The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...

5.9CVSS6.2AI score0.00403EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/27 12:56 a.m.5 views

[SECURITY] Fedora 43 Update: ldns-1.9.2-1.fc43

ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...

8.2CVSS5.8AI score0.00147EPSS
Exploits0
CVE
CVE
added 2026/06/25 1:1 p.m.11 views

CVE-2026-52690

CVE-2026-52690 affects the PowerDNS Recursor. Spoofed replies can cause an authoritative server’s IP to be marked as not supporting EDNS, leading to DNSSEC validation failures for records served by that server. The vulnerability’s impact is documented as enabling validation failures in the presen...

5.9CVSS5.8AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 4:16 p.m.8 views

UBUNTU-CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00403EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:55 p.m.4 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00403EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51332

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.93-1.1 Description A heap-based buffer overflow occurs when DNSSEC validation and query logging are simultaneously enabled. The issue arises when logging DS or DNSKEY replies that contain unsupported algorithm or...

5.9CVSS6.1AI score0.00403EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/06/11 9:35 a.m.16 views

Important: Red Hat Security Advisory: bind9.18 security update

An update for bind9.18 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS5.8AI score0.01545EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...

10CVSS6.4AI score0.01272EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.12 views

EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-2279)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...

7.5CVSS8AI score0.01545EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 3:36 p.m.13 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.5CVSS8AI score0.01545EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 3:36 p.m.15 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

7.5CVSS7.9AI score0.01545EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/08 2:44 p.m.16 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

7.5CVSS7.9AI score0.01545EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/04 8:54 a.m.13 views

unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution

A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...

10CVSS6.1AI score0.01272EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/02 1:11 a.m.19 views

[SECURITY] Fedora 43 Update: unbound-1.25.1-1.fc43

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

10CVSS5.8AI score0.01272EPSS
Exploits0
OSV
OSV
added 2026/05/28 3:44 p.m.7 views

SUSE-SU-2026:21913-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.20 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.10)

The version of AOS installed on the remote host is prior to 7.3.1.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.10 advisory. - Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentatio...

9.8CVSS7.6AI score0.0218EPSS
Exploits1References14
OSV
OSV
added 2026/05/22 1:22 p.m.8 views

OESA-2026-2438 dnsmasq security update

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...

8.8CVSS6.3AI score0.07237EPSS
Exploits3References6
Debian CVE
Debian CVE
added 2026/05/20 9:18 a.m.10 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10CVSS6.5AI score0.01272EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in bind9

If a server hosts a zone containing a “KEY” Resource Record, or if a resolver validates a “KEY” Resource Record from a DNSSEC-signed domain in its cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...

7.5CVSS7.5AI score0.02114EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.11 views

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References3
Rows per page
Query Builder