Lucene search

39 matches found

Cvelist
added 2026/05/11 4:47 p.m. | 26 views

CVE-2026-2291

dnsmasq's extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

EPSS 0.00076
Exploits: 1 | References: 7
ATTACKERKB
added 2026/05/11 4:47 p.m. | 2 views

CVE-2026-2291

dnsmasq's extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

CVSS 7.3 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 9
UbuntuCve
added 2026/05/11 12:0 p.m. | 5 views

CVE-2026-2291

dnsmasq's extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS...

CVSS 7.3 | AI score 5.8 | EPSS 0.00076
Exploits: 1 | References: 2
Snyk
added 2026/04/09 11:10 p.m. | 1 view

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the session restoration process. An attacker can execute arbitrary memory deallocation by injecting a crafted session into the cache and triggering the application to call the relevant session restor...

CVSS 4.1 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 2
OSV
added 2026/04/02 6:42 p.m. | 2 views

GO-2026-4890 act: actions/cache server allows malicious cache injection in github.com/nektos/act

act: actions/cache server allows malicious cache injection in github.com/nektos/act...

CVSS 8.2 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 3
Positive Technologies
added 2026/04/02 12:0 a.m. | 2 views

PT-2026-29937

act: actions/cache server allows malicious cache injection in github.com/nektos/act...

AI score 5.8
Exploits: 0 | References: 4
CVE
added 2026/03/31 1:46 a.m. | 6 views

CVE-2026-34042

act: The CVE-2026-34042 flaw in the act project’s actions/cache server lets connections from any interface create caches with arbitrary keys and read existing caches, potentially enabling arbitrary remote code execution inside the local Docker container. The issue stems from listening on all inte...

CVSS 8.2 | AI score 6.4 | EPSS 0.00021
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/31 1:46 a.m. | 1 view

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it, including someone anywhere on the internet, to create caches with arbitrary keys and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00021
Exploits: 0 | References: 4
OSV
added 2026/03/31 1:46 a.m. | 2 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act's built-in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it, including someone anywhere on the internet, to create caches with arbitrary keys and...

CVSS 8.2 | AI score 6.4 | EPSS 0.00021
Exploits: 0 | References: 6
Tenable Nessus
added 2026/03/17 12:0 a.m. | 2 views

EulerOS Virtualization 2.12.0 : bind (EulerOS-SA-2026-1474)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker ...

CVSS 8.6 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 3
Tenable Nessus
added 2026/03/17 12:0 a.m. | 6 views

EulerOS Virtualization 2.12.0 : dhcp (EulerOS-SA-2026-1479)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into...

CVSS 8.6 | AI score 5.9 | EPSS 0.00005
Exploits: 1 | References: 2
Tenable Nessus
added 2026/03/17 12:0 a.m. | 3 views

EulerOS Virtualization 2.12.1 : dhcp (EulerOS-SA-2026-1422)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into...

CVSS 8.6 | AI score 5.9 | EPSS 0.00005
Exploits: 1 | References: 2
Tenable Nessus
added 2026/03/16 12:0 a.m. | 3 views

EulerOS 2.0 SP12 : dhcp (EulerOS-SA-2026-1387)

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This...

CVSS 8.6 | AI score 5.9 | EPSS 0.00005
Exploits: 1 | References: 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

MiracleLinux 7 : sssd-1.15.2-50.el7.8 (AXSA:2017-2463:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2463:06 advisory. It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In a...

CVSS 8.8 | AI score 6.5 | EPSS 0.00447
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/12/23 4:45 p.m. | 4 views

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details: CVEID: CVE-2025-40778. DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

CVSS 8.6 | AI score 6 | EPSS 0.00005
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2025/12/04 12:0 a.m. | 4 views

TencentOS Server 2: bind (TSSA-2025:0926)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0926 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

CVSS 8.6 | AI score 6.6 | EPSS 0.00005
Exploits: 1 | References: 2
OSV
added 2025/12/01 8:18 p.m. | 2 views

CLSA-2025-1764584370 bind: Fix of CVE-2025-40778

CVE-2025-40778: fix issue with BIND being too lenient when accepting records from answers to prevent injection of forged data into the cache...

CVSS 8.6 | AI score 6.7 | EPSS 0.00005
Exploits: 1 | References: 1
Tenable Nessus
added 2025/11/22 12:0 a.m. | 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: bind (UTSA-2025-990939)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990939 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects...

CVSS 8.6 | AI score 6.5 | EPSS 0.00005
Exploits: 1 | References: 4
CNVD
added 2025/10/29 12:0 a.m. | 2 views

Unspecified Vulnerability in ISC BIND 9 (CNVD-2025-26736)

ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9, which arises from an overly lax acceptance of response records, and can be exploited by an attacker to cause forged data to be injected into the cache...

CVSS 8.6 | AI score 6.8 | EPSS 0.00005
Exploits: 1 | References: 1
Tenable Nessus
added 2025/10/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue...

CVSS 8.6 | AI score 6.7 | EPSS 0.00005
Exploits: 1 | References: 2