Lucene search
+L

443 matches found

CVE
CVE
added yesterday4 views

CVE-2026-62299

CoreDNS (rewrite plugin, edns0.go) prior to version 1.14.5 could panic when a downstream plugin returns a response with no OPT record. The code path in edns0.go dereferenced a DNS OPT without a nil check, triggered by a query matching a rewrite edns0 rule (local/nsid/subnet with set/append/replac...

5.3CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-62309

CoreDNS (Go) vulnerability CVE-2026-62309 affects the proxyproto plugin. A crafted PROXY v2 header with a non-UDP transport (family 0x11) can cause a crash via PacketConn.ReadFrom, where a nil readFrom result is reinterpreted after a failed parse and addr.String() is logged before crash recovery....

7.5CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday17 views

CVE-2026-62994 CoreDNS `k8s_external` headless AXFR can emit an empty transfer batch that panics the `transfer` plugin

CoreDNS is a DNS server written in Go. From 1.9.4 until 1.14.5, a network DNS client allowed to request AXFR for a CoreDNS zone can trigger a panic when CoreDNS is configured with k8sexternal headless-service zone transfers and Kubernetes contains a headless service endpoint with no declared port...

3.7CVSS
Exploits0References4
OSV
OSV
added 2026/07/09 12:53 p.m.3 views

OESA-2026-2939 coredns security update

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. Security Fixes: CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS acce...

7.7CVSS6.1AI score0.00385EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 1:11 p.m.6 views

OESA-2026-2720 coredns security update

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. Security Fixes: CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd...

7.1CVSS5.9AI score0.00407EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.5 views

Photon OS 4.0: Coredns PHSA-2026-4.0-1038

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS5.7AI score0.00672EPSS
Exploits5References8
Photon
Photon
added 2026/06/19 12:0 a.m.7 views

Critical Photon OS Security Update - PHSA-2026-4.0-1038

Updates of 'python3-pip', 'coredns', 'erlang', 'rsync', 'redis' packages of Photon OS have been released...

9.8CVSS5AI score0.0051EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.6 views

Photon OS 5.0: Coredns PHSA-2026-5.0-0869

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS5.7AI score0.00672EPSS
Exploits5References7
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.11 views

CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17

CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 12:22 p.m.16 views

CVE-2026-32936

A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS DoH GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...

8.7CVSS5.6AI score0.00672EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/29 12:22 p.m.13 views

CVE-2026-32934

A flaw was found in CoreDNS, a DNS server that chains plugins. The DNS-over-QUIC DoQ server is vulnerable to unbounded resource growth. An unauthenticated remote attacker can exploit this by opening numerous QUIC streams and sending only one byte per stream, causing the server to spawn excessive...

8.7CVSS5.7AI score0.00469EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/29 12:16 p.m.14 views

CVE-2026-33489

A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List ACL stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...

8.2CVSS5.8AI score0.00388EPSS
Exploits1References5
OSV
OSV
added 2026/05/20 7:7 p.m.7 views

GO-2026-4969 CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns

CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...

8.7CVSS5.8AI score0.00469EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42372

CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...

8.7CVSS5.8AI score0.00469EPSS
Exploits1References5
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.18 views

CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16

CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

9.8CVSS5.8AI score0.0051EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.10 views

CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16

CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

8.2CVSS5.8AI score0.00388EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.10 views

CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16

CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

8.7CVSS5.8AI score0.00672EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.12 views

CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16

CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

8.7CVSS5.8AI score0.00469EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/14 10:2 a.m.18 views

CVE-2026-35579

A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG Transaction Signature authentication in the gRPC, QUIC, DoH DNS over HTTPS, and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References4
Rows per page
Query Builder