PT-2025-34363

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the packet set ring and packet notifier functions within the net/packet module. This occurs when packet set ring releases po-bind lock, allowing another thre...

CLSA-2024-1735311722 bind: Fix of CVE-2023-2828

Removed the bind-9.11.4-CVE-2023-2828-fixup.patch which caused problems with named-pkcs11...

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...

Security Bulletin: IBM Technical Support Appliance - possible degraded performance or excessive CPU usage

Summary Domain Name Service DNS messaging is used to resolve hostnames to IP addresses. Vulnerability Details CVEID:CVE-2024-1737 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when content is being added or updated in resolver caches and authoritative zone databas...

Security Bulletin: IBM Technical Support Appliance - possible excessive CPU usage or denial of service

Summary DNS protocol allows teh IBM Technical Suport Appliance to resolve hostnames to their corresponding IP address. Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS messages. By flooding the target...

Security Bulletin: AIX is vulnerable to a denial of service due to ISC BIND

Summary Multiple vulnerabilities in ISC BIND could allow a remote attacker to cause a denial of service CVE-2024-0760, CVE-2024-1737, CVE-2024-4076, CVE-2024-1975. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2024-0760 DESCRIPTION: ISC BIND is vulnerable to a...

bind and bind-dyndb-ldap bug fix and enhancement update

An update is available for bind-dyndb-ldap. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

AIX is vulnerable to a denial of service due to ISC BIND

IBM SECURITY ADVISORY First Issued: Mon Nov 18 15:17:14 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory27.asc Security Bulletin: AIX is vulnerable to a denial of service due to ISC BIND...

The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.

The vulnerability of the DRM/AMDGPU kernel components in the Linux operating system is related to errors in the resource management of the amdgputtmgartbind function. Exploiting this vulnerability can allow a hacker to cause service failures...

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50387]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50387 Vulnerability Details CVEID:CVE-2023-50387 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when processing...

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-50868]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-50868 Vulnerability Details CVEID:CVE-2023-50868 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when preparing an NSEC...

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2023-4408]

Summary Redhat provided BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-4408 Vulnerability Details CVEID:CVE-2023-4408 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error when parsing large DNS...

Security update for buildah

This update for buildah fixes the following issues: CVE-2024-9676: Fixed github.com/containers/storage: symlink traversal vulnerability in the containers/storage library can cause Denial of Service DoS bsc1231698: CVE-2024-9675: VUL-0: CVE-2024-9675: buildah,podman: buildah: cache arbitrary...

Fedora 38 : bind / bind-dyndb-ldap (2022-5cf67355ec)

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-5cf67355ec advisory. - Upstream release notes Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora 41 : bind / bind-dyndb-ldap (2024-56ae6c2c7a)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-56ae6c2c7a advisory. - update to 9.18.28 rhbz2299467 - Fixes CVE-2024-4076 - Fixes CVE-2024-1975 - Fixes CVE-2024-1737 - Fixes CVE-2024-0760 ---- Automatic update for...

CVE-2024-11193

An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information in Yugabyte Anywhere logs, potentially allowing unauthorized users with access...

PT-2024-16810 · Yugabyte · Yugabytedb Anywhere

Name of the Vulnerable Software and Affected Versions: YugabyteDB Anywhere versions 2.20.0.0 through 2.20.6.0 YugabyteDB Anywhere versions 2.23.0.0 through 2.23.0.0 YugabyteDB Anywhere versions 2024.1.0.0 through 2024.1.2.0 Description: An information disclosure issue exists in Yugabyte Anywhere,...