36 matches found
Astra Linux - vulnerability in bind9
If a server hosts a zone containing a “KEY” Resource Record, or if a resolver validates a “KEY” Resource Record from a DNSSEC-signed domain in its cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...
CVE-2026-32012
Rejected reason: This CVE ID has been rejected...
CVE-2026-32012
...
CVE-2026-32012
OpenClaw prior to 2026.2.25 is affected by CVE-2026-32012 due to a missing durable replay state for Nextcloud Talk webhook events. This allows an attacker to capture and replay valid signed webhook requests, potentially triggering duplicate inbound processing and causing integrity or availability...
PT-2026-27226
OpenClaw before 2026.2.25 lacks durable replay state for Nextcloud Talk webhook events, allowing valid signed requests to be replayed. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound processing and cause integrity or availability issues...
CVE-2026-28449
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
EUVD-2026-13011
OpenClaw versions prior to 2026.2.25 lack durable replay state for Nextcloud Talk webhook events, allowing valid signed webhook requests to be replayed without suppression. Attackers can capture and replay previously valid signed webhook requests to trigger duplicate inbound message processing an...
CVE-2026-25540
Mastodon prior to versions 4.3.19, 4.4.13, and 4.5.6 is vulnerable to web cache poisoning in Rails.cache when AUTHORIZED_FETCH is enabled. The ActivityPub endpoints for pinned posts and featured hashtags cache responses that depend on the signer’s account, but the internal cache reuse does not re...
SUSE CVE-2025-68671
lakeFS is an open-source tool that transforms object storage into Git-like repositories. lakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request, e.g., through network interception, logs...
MiracleLinux 4 : bind-9.8.2-0.68.8.0.2.rc1.AXS4 (AXBA:2021-1480:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2021-1480:02 advisory. - In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker on the...
Replay Attack
Overview: Affected versions of this package are vulnerable to Replay Attack via the authentication process in the S3 gateway. An attacker can gain unauthorized access or perform actions by replaying previously captured signed requests, as the system does not validate timestamps on authenticated...
CVE-2025-68671
lakeFS is an open-source tool that transforms object storage into Git-like repositories. lakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request, e.g., through network interception, logs...
CVE-2025-68671
lakeFS is an open-source tool that transforms object storage into Git-like repositories. lakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request, e.g., through network interception, logs...
PT-2026-3139
Name of the Vulnerable Software and Affected Versions: lakeFS versions prior to 1.75.0. Description: lakeFS's S3 gateway does not validate timestamps in authenticated requests, which allows for replay attacks. An attacker capturing a valid signed request can replay it until credentials are rotated,...
CVE-2011-0910
The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...
EUVD-2011-0922
Malware in sbrugna...
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-2520)
The remote host is missing an update for the Huawei EulerOS...
USN-6909-2 bind9 vulnerabilities
USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possib...
Ubuntu 18.04 LTS : Bind vulnerabilities (USN-6909-2)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6909-2 advisory. USN-6909-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding...
Denial Of Service (DoS)
libbind9.so is vulnerable to Denial of Service. The vulnerability is due to the handling of "KEY" Resource Records in DNSSEC-signed domains, allowing attackers to exhaust resolver CPU resources by sending a stream of SIG0 signed requests...