Lucene search
K

435 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5667 CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns

CoreDNS has TSIG authentication bypass on gRPC and QUIC transports in github.com/coredns/coredns...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 1:11 p.m.6 views

OESA-2026-2720 coredns security update

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. Security Fixes: CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd...

7.1CVSS5.9AI score0.00407EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.5 views

Photon OS 4.0: Coredns PHSA-2026-4.0-1038

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1038. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS5.7AI score0.00672EPSS
Exploits5References8
Photon
Photon
added 2026/06/19 12:0 a.m.7 views

Critical Photon OS Security Update - PHSA-2026-4.0-1038

Updates of 'coredns', 'python3-pip', 'rsync', 'redis', 'erlang' packages of Photon OS have been released...

9.8CVSS6.5AI score0.0051EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.5 views

Photon OS 5.0: Coredns PHSA-2026-5.0-0869

An update of the coredns package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0869. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS5.7AI score0.00672EPSS
Exploits5References7
CBLMariner
CBLMariner
added 2026/05/30 12:34 a.m.11 views

CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17

CVE-2026-39821 affecting package coredns for versions less than 1.11.4-17. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 12:22 p.m.11 views

CVE-2026-32934

A flaw was found in CoreDNS, a DNS server that chains plugins. The DNS-over-QUIC DoQ server is vulnerable to unbounded resource growth. An unauthenticated remote attacker can exploit this by opening numerous QUIC streams and sending only one byte per stream, causing the server to spawn excessive...

8.7CVSS5.7AI score0.00469EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/29 12:22 p.m.14 views

CVE-2026-32936

A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS DoH GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...

8.7CVSS5.6AI score0.00672EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/29 12:16 p.m.12 views

CVE-2026-33489

A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List ACL stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...

8.2CVSS5.8AI score0.00388EPSS
Exploits1References5
OSV
OSV
added 2026/05/20 7:7 p.m.7 views

GO-2026-4969 CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns

CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...

8.7CVSS5.8AI score0.00469EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.14 views

PT-2026-42372

CoreDNS' DoQ worker pool does not bound stream backlog in github.com/coredns/coredns...

8.7CVSS5.8AI score0.00469EPSS
Exploits1References5
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.18 views

CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16

CVE-2026-35579 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

9.8CVSS5.8AI score0.0051EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.10 views

CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16

CVE-2026-33489 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

8.2CVSS5.8AI score0.00388EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.9 views

CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16

CVE-2026-32936 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

8.7CVSS5.8AI score0.00672EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/05/18 8:36 p.m.12 views

CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16

CVE-2026-32934 affecting package coredns for versions less than 1.11.4-16. A patched version of the package is available...

8.7CVSS5.8AI score0.00469EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/05/14 10:2 a.m.16 views

CVE-2026-35579

A flaw was found in CoreDNS. An unauthenticated network attacker can exploit incorrect handling of TSIG Transaction Signature authentication in the gRPC, QUIC, DoH DNS over HTTPS, and DoH3 transport implementations. This vulnerability allows an attacker to bypass TSIG protection, leading to...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.19 views

openSUSE 16 Security Update : coredns (openSUSE-SU-2026:20703-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20703-1 advisory. Changes in coredns: - Update to version 1.14.3: This release introduces Windows service support, along with full TSIG verification across DoH,...

9.8CVSS7.3AI score0.00672EPSS
Exploits5References26
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:2 a.m.10 views

CoreDNS DoH GET path missing size validation causes CPU and memory amplification

...

8.7CVSS5.8AI score0.00672EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:2 a.m.10 views

CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

...

8.2CVSS5.8AI score0.00388EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:2 a.m.11 views

CoreDNS TSIG authentication bypass on encrypted DNS transports

...

8.7CVSS5.8AI score0.00374EPSS
Exploits1
Rows per page
Query Builder