Linux Distros Unpatched Vulnerability : CVE-2026-23320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: fncm: align netdevice lifecycle with bind/unbind Currently, the netdevice is allocated in ncmallocinst and freed in ncmfreeinst. This ties the...

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions of ISC BIND 9 such as 9.16.50 and earlier, 9.18.46 and earlier, 9.20.20 and earlier, 9.21.19 and earlier, 9.16.50-S1 and earlier, 9.18.46-S1 and earlier, and 9.20.20-S1 and earlier...

ISC BIND 9.11.0 < 9.18.47 / 9.11.3-S1 < 9.18.47-S1 / 9.18.0 < 9.18.47 / 9.18.11-S1 < 9.18.47-S1 / 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Vulnerability (cve-2026-1519)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-1519 advisory. - If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume...

Linux Distros Unpatched Vulnerability : CVE-2026-3119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incomin...

UBUNTU-CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions 9.20.0 to 9.20.20, 9.21.0 to 9.21.19, and 9.20.9-S1 to 9.20.20-S1 of ISC BIND 9. These vulnerabilities could lead to crashes when processing queries with correctly signed TKEY records...

UBUNTU-CVE-2026-3104

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through...

UBUNTU-CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

Linux Distros Unpatched Vulnerability : CVE-2026-3104

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 throu...

ISC BIND 9.20.0 < 9.20.21 / 9.20.9-S1 < 9.20.21-S1 / 9.21.0 < 9.21.20 Assertion Failure (cve-2026-3104)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2026-3104 advisory. - A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.If a BIND...

Linux Distros Unpatched Vulnerability : CVE-2026-3591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may b...

Fedora 45 : bind / bind-dyndb-ldap (2026-8db2f80244)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8db2f80244 advisory. Update to 9.18.47 rhbz2440561 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 Source:...

Linux Distros Unpatched Vulnerability : CVE-2026-1519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers...

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

CVE-2026-30932 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file...

CVE-2026-30932

Froxlor is vulnerable to BIND zone file injection via unsanitized content in DomainZones.add for LOC, RP, SSHFP, and TLSA records. The API does not validate content, allowing injection of BIND directives like $INCLUDE which get written into the zone file and processed by BIND, exposing server fil...

GHSA-X6W6-2XWP-3JH6 Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API

Summary The DomainZones.add API endpoint accessible to customers with DNS enabled does not validate the content field for several DNS record types LOC, RP, SSHFP, TLSA. An attacker can inject newlines and BIND zone file directives e.g. $INCLUDE into the zone file that gets written to disk when th...

Arbitrary Code Injection

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Arbitrary Code Injection via unsanitized input in the content field of the DomainZones API. An attacker can inject arbitrary BIND zone file directives, such as $INCLUDE, by submitting...

CVE-2019-25646

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...