30 matches found
kernel: iommu: disable SVA when CONFIG_X86 is set
A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...
SUSE CVE-2026-2291
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
EUVD-2026-29091
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
CVE-2026-2291
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
ALPINE-CVE-2026-2291
dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...
CVE-2026-2291
CVE-2026-2291 affects dnsmasq: a pre-auth remote heap buffer overflow in the extractor used during cache insertion (extract_name()) allows an attacker to inject false DNS cache entries. This can lead to DNS lookups redirecting to attacker-controlled IPs or cause a DoS. A PoC demonstrates ASAN-con...
JLSEC-2026-419 When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's...
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
EUVD-2023-1551
Malicious code in bioql PyPI...
EUVD-2024-1245
Malicious code in bioql PyPI...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to ensure that cache entries are active before the cacheshow function is called in the SUNRPC module,...
Cache Poisoning
libcurl.so is vulnerable to Cache Poisoning. The vulnerability is due to improper handling of HSTS cache entries in curl, where a subdomain’s HSTS expiry time can overwrite the parent domain's cache entry, causing incorrect HTTPS timeout handling. It allows an attacker to trigger insecure HTTP...
ESP-NOW 安全漏洞
ESP-NOW is a Wi-Fi communication protocol open-sourced by Espressif Systems. A security vulnerability exists in ESP-NOW 2.5.1 and prior versions that stems from the risk of replay attacks due to the cache not distinguishing between message types. This could allow an attacker to clear legitimate...
Denial Of Service (DoS)
typo3/cms is vulnerable to Denial Of Service. The vulnerability is due to the unbound cHash argument, which attackers can exploit it by using valid cHash arguments for multiple pages, leading to additional useless page cache entries. This allows an attackers to generate a considerable amount of...
Cache Flooding in TYPO3 Frontend
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the...
GO-2024-2785 CoreDNS may return invalid cache entries in github.com/coredns/coredns
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching...
CVE-2024-0874
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching...
AZL-40222 CVE-2024-0874 affecting package coredns for versions less than 1.11.1-8
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching...
CVE-2024-0874
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching...
CVE-2024-0874
CVE-2024-0874 affects CoreDNS. Root cause: improper CD bit handling leads to cache entries being incorrectly stored, causing invalid cache entries to be served. Impact: potential cache-related misbehavior; CVSS shows MEDIUM with network access. Remediation: upgrade CoreDNS to a patched version (e...
coredns 安全漏洞
CoreDNS is a DNS server for the CoreDNS community. A security vulnerability exists in coredns that stems from an incorrect cache implementation; this issue could result in invalid cache entries being returned...