EUVD-2016-7104

Malware in sbrugna...

EUVD-2016-7106

Malware in sbrugna...

EUVD-2000-1016

Malware in sbrugna...

EUVD-2017-12283

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-3142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSI...

FreeBSD : dnsdist -- Transfer requests received over DoH can lead to a denial of service (f2d8342f-1134-11ef-8791-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f2d8342f-1134-11ef-8791-6805ca2fa271 advisory. - When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2024-25581

DNSDIST vulnerability CVE-2024-25581: When DNS over HTTPS is enabled (nghttp2 provider) and queries are routed to a tcp-only or DoT backend, an attacker can trigger an assertion failure by requesting a zone transfer (AXFR/IXFR) over DoH, causing the process to crash and a DoS. DoH is not enabled ...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

dnsdist -- Transfer requests received over DoH can lead to a denial of service

PowerDNS Security Advisory reports: When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over...

K59448931: BIND vulnerability CVE-2017-3142

Security Advisory Description An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely o...

K32049025: BIND vulnerability CVE-2016-6170

Security Advisory Description ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service secondary DNS server crash via a large AXFR response, and possibly allows IXFR servers to cause a denial of service IXFR client...

SUSE CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

USN-5747-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. CVE-2016-2775 It was discovered that Bind incorrectly handled large zone data size received via...

Ubuntu 16.04 ESM : Bind vulnerabilities (USN-5747-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5747-1 advisory. It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to...

Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console

Summary BIND is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2017-3136 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by the improper handling of query requests when using DNS64 with "break-dnssec yes"...

ISC BIND Information Disclosure Vulnerability (CVE-2017-3142) - Windows

ISC BIND is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

SUSE: Security Advisory (SUSE-SU-2017:1737-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2020-1460)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...