CVE-2026-5950
A flaw was found in BIND 9. A remote, unauthenticated attacker can exploit an unbounded resend loop vulnerability in the resolver state machine during bad-server handling. By sending specially crafted queries that trigger specific retry conditions, the attacker can cause severe resource exhaustio...
[SECURITY] Fedora 43 Update: bind-dyndb-ldap-11.11-13.fc43
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Important: bind
Issue Overview: Fix GSS-API resource leak (CVE-2026-3039). Limit resolver server list size (CVE-2026-3592). An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message, causing denial of service. Both authoritative servers and resolvers are affected...
Fedora 43 : bind / bind-dyndb-ldap (2026-b626e83a45)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-b626e83a45 advisory. Update to 9.18.49 (rhbz2480121). Security fixes: Limit resolver server list size (CVE-2026-3592); Fix GSS-API resource leak (CVE-2026-3039); Disable...
TencentOS Server 3: bind9.16 (TSSA-2026:0359)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0359 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2026-1755)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1755 advisory. Fix GSS-API resource leak (CVE-2026-3039). Limit resolver server list size (CVE-2026-3592). An unauthenticated remote attacker can crash any affected named instance with a single crafted DNS message...
TencentOS Server 3: bind (TSSA-2026:0362)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0362 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Malicious code in koishi-plugin-yuan (npm)
Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533. koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bili_jct and forwards them via...
[SECURITY] Fedora 44 Update: bind-dyndb-ldap-11.11-15.fc44
This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...
Fedora 44 : bind / bind-dyndb-ldap (2026-411248c8d9)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-411248c8d9 advisory. Update to 9.18.49 (rhbz2480121). Security fixes: Limit resolver server list size (CVE-2026-3592); Fix GSS-API resource leak (CVE-2026-3039); Disable...
CVE-2026-5947 affecting package bind for versions less than 9.20.23-1
CVE-2026-5947 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-5946 affecting package bind for versions less than 9.20.23-1
CVE-2026-5946 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-3039 affecting package bind for versions less than 9.20.23-1
CVE-2026-3039 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-3592 affecting package bind for versions less than 9.20.23-1
CVE-2026-3592 affecting package bind for versions less than 9.20.23-1. A patched version of the package is available...
CVE-2026-3593 affecting package bind for versions less than 9.20.23-1
CVE-2026-3593 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-5950 affecting package bind for versions less than 9.20.23-1
CVE-2026-5950 affecting package bind for versions less than 9.20.23-1. An upgraded version of the package is available that resolves this issue...
curl: lib/ldap.c follows attacker-controlled LDAP referrals and binds to a second server; WinLDAP builds leak current logon credentials (confirmed on Window
Summary: curl's generic LDAP backend lib/ldap.c does not disable automatic LDAP referral chasing, unlike lib/openldap.c, which explicitly sets LDAP_OPT_REFERRALS to LDAP_OPT_OFF. As a result, a malicious first-hop LDAP server can return a referral to an attacker-controlled second LDAP server and caus...
Unbounded resend loop in BIND 9 resolver
...
Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
...
BIND 9 server memory exhaustion during GSS-API TKEY negotiation
...