Fedora 45 : bind / bind-dyndb-ldap (2026-8db2f80244)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8db2f80244 advisory. Update to 9.18.47 rhbz2440561 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 Source:...

UBUNTU-CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

UBUNTU-CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

UBUNTU-CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

UBUNTU-CVE-2026-3119

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

CVE-2026-30932

Froxlor is vulnerable to BIND zone file injection via unsanitized content in DomainZones.add for LOC, RP, SSHFP, and TLSA records. The API does not validate content, allowing injection of BIND directives like $INCLUDE which get written into the zone file and processed by BIND, exposing server fil...

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsanitized input in the content field of the DomainZones API. An attacker can inject arbitrary BIND zone file directives, such as $INCLUDE, by submitting...

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

GHSA-X6W6-2XWP-3JH6 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

CVE-2019-25646

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...

CVE-2019-25646 Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...

CVE-2019-25646 Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...

CVE-2019-25646

Tabs Mail Carrier 2.5.1 contains a buffer overflow in the MAIL FROM SMTP command that allows remote code execution by sending a crafted MAIL FROM parameter. An attacker can connect to the SMTP service on port 25 and send an oversized MAIL FROM to overwrite the EIP and execute a bind shell payload...

PT-2026-27480

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.5 Description The DomainZones.add API endpoint, accessible to customers with DNS enabled, does not validate the content field for specific DNS record types LOC, RP, SSHFP, TLSA. This allows an attacker to inject...

PT-2026-27380

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...

Froxlor 注入漏洞

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.5 had an injection vulnerability. This vulnerability stemmed from the lack of validation of the content fields of the DomainZones.add API endpoint, which could allow for the...

CVE-2026-4590

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

Kalcaddle Kodbox 安全漏洞

Kalcaddle Kodbox is a private cloud storage and online collaborative office platform developed by Kalcaddle Corporation. A security vulnerability exists in the 1.64 version of Kalcaddle Kodbox. This vulnerability stems from incorrect handling of the parameter “third” in the component loginSubmit...