13 matches found
SUSE CVE-2026-42960
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
EUVD-2026-31083
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
CVE-2026-42960
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
CVE-2026-42960
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...
Sierra Wireless ALEOS 操作系统命令注入漏洞
Sierra Wireless ALEOS AAF is a framework for creating applications in Sierra Wireless AirLink gateways from Sierra Wireless Canada. A security vulnerability exists in Sierra Wireless ALEOS that originates from a user with valid credentials being able to manipulate IP records to execute arbitrary...
The vulnerability of the performance.getEntries() method in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the performance.getEntries method in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the inclusion of functions from an unverified controlled area. Exploiting this vulnerability could allow a remote attacker to obtain URL records from various...
DEBIAN-CVE-2021-33833
ConnMan aka Connection Manager 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH for A or AAAA...
UBUNTU-CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames...
DEBIAN-CVE-2011-2500
The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...
UBUNTU-CVE-2011-2500
The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...
[SECURITY] [DSA 1507-1] New turba2 packages fix permission testing
------------------------------------------------------------------------ Debian Security Advisory DSA-1507-1 [email protected] http://www.debian.org/security/ Steve Kemp February 24, 2008 http://www.debian.org/security/faq -...