443 matches found
EUVD-2006-2074
Malware in sbrugna...
EUVD-2017-12283
Malware in sbrugna...
EUVD-2025-16006
Malicious code in bioql PyPI...
EUVD-2023-45770
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-11104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and...
CVE-2024-50861
The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...
USN-7526-1: Bind vulnerability
It was discovered that Bind incorrectly handled certain DNS messages with invalid TSIG. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
DEBIAN-CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
CVE-2025-40775 DNS message with invalid TSIG causes an assertion failure
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
CVE-2025-40775
CVE-2025-40775 affects ISC BIND 9, specifically versions 9.20.0–9.20.8 and 9.21.0–9.21.7. The root cause is an invalid value in the TSIG algorithm field in an incoming DNS message, which causes BIND to abort with an assertion failure. The impact is remote denial of service via crafted TSIGs. A fi...
CVE-2025-40775 DNS message with invalid TSIG causes an assertion failure
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
CVE-2025-40775
When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...
ISC BIND 安全漏洞
ISC BIND is an ISC open source suite of open source software that implements the DNS protocol. A security vulnerability exists in ISC BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7, which stems from an invalid value in the TSIG algorithm field that could lead to an assertion...
PT-2025-22347 · Isc +3 · Bind 9 +3
Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.20.0 through 9.20.8 BIND 9 versions 9.21.0 through 9.21.7 Description: When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorith...
ROS-2-596
2.596 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
Linux Distros Unpatched Vulnerability : CVE-2017-3142
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSI...
CVE-2024-50861
The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...
CVE-2024-50861
The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...