27 matches found
EUVD-2026-39182
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...
CVE-2026-12244 Heap overflow and crash with crafted SVCB RR
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...
SUSE CVE-2026-33611
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
EUVD-2026-24951
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
DEBIAN-CVE-2026-33611
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
CVE-2026-33599
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
UBUNTU-CVE-2026-33599
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
CVE-2026-33611 Insufficient validation of HTTPS and SVCB records
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
CVE-2026-33611
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
CVE-2026-33611
An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...
CVE-2026-33599 Out-of-bounds read in service discovery
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
CVE-2026-33599
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
CVE-2026-33599
A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...
PT-2026-34443
Name of the Vulnerable Software and Affected Versions PowerDNS Recursor affected versions not specified Description A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request. This occurs when the request is made via the autoUpgrade Lua option to newServer or...
PT-2026-34448
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An operator with access to the REST API can cause the Authoritative server to generate invalid HTTPS or SVCB record data. This action can lead to corruption of t...
CVE-2025-31964
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
CVE-2025-31964 HCL BigFix IVR is impacted by an improper service binding configuration
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
CVE-2025-31964 HCL BigFix IVR is impacted by an improper service binding configuration
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
CVE-2025-31964
CVE-2025-31964 affects HCL BigFix IVR 4.2. The issue is an improper service binding configuration in internal service components that causes administrative services to be bound to external network interfaces rather than the local authentication interface, potentially impacting service availabilit...
PT-2026-1582
Name of the Vulnerable Software and Affected Versions HCL BigFix IVR version 4.2 Description A configuration issue with service binding in internal service components allows a privileged attacker to affect service availability. This occurs because administrative services are exposed through...