Lucene search
K

13 matches found

Mageia
Mageia
added 2026/05/14 2:43 a.m.12 views

Updated dnsmasq packages fix security vulnerabilities

CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...

8.8CVSS6.4AI score0.07237EPSS
Exploits4References2
CVE
CVE
added 2026/05/11 4:47 p.m.37 views

CVE-2026-4891

CVE-2026-4891 is a heap-based out-of-bounds read in dnsmasq’s DNSSEC validation that enables remote DoS via a crafted DNS packet. Affected: dnsmasq; root cause: DNSSEC validation path leads to OOB read. Impact: denial of service with no confidentiality/integrity impact reported; exploitation deta...

7.5CVSS5.8AI score0.06226EPSS
Exploits0References13
CVE
CVE
added 2026/05/11 4:47 p.m.52 views

CVE-2026-4890

Dnsmasq is affected by CVE-2026-4890, a DoS vulnerability in DNSSEC validation. The issue is described as an infinite-loop flaw in DNSSEC validation, which can cause the dnsmasq service to crash or become unresponsive when processing a crafted DNS response. Affected component: dnsmasq’s DNSSEC va...

7.5CVSS5.8AI score0.07237EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2026/05/11 12:0 p.m.12 views

CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...

5.3CVSS5.8AI score0.02681EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.9 views

dnsmasq -- multiple vulnerabilities

Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...

8.8CVSS6.3AI score0.07237EPSS
Exploits4References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-3673

Malware in sbrugna...

10CVSS9.1AI score0.01943EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-2956

Malware in sbrugna...

5CVSS6AI score0.09235EPSS
Exploits0References10
ArchLinux
ArchLinux
added 2019/01/24 12:0 a.m.40 views

[ASA-201901-15] haproxy: denial of service

Arch Linux Security Advisory ASA-201901-15 ========================================== Severity: Medium Date : 2019-01-24 CVE-ID : CVE-2018-20102 CVE-2018-20103 Package : haproxy Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-836 Summary ======= The package haproxy...

7.5CVSS2.1AI score0.06593EPSS
Exploits0References7
OSV
OSV
added 2018/04/24 7:29 p.m.7 views

CVE-2017-12087

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability...

9.8CVSS9.5AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/30 12:0 a.m.27 views

Fedora 25 : systemd (2017-29d909f5ec)

A fix for an out-of-bounds write in systemd-resolved after a crafted DNS packet CVE-2017-9445. No need to reboot or log out. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clea...

7.5CVSS7.6AI score0.55116EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2017/05/30 12:0 a.m.43 views

Fedora 25 : systemd (2017-8ff992386d)

A security fix for a systemd-resolved crash on a crafted DNS packet. Relevant only to systemd-resolved users not enabled by default. No need to reboot or logout. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenabl...

7.5CVSS6.3AI score0.15422EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2012/07/27 10:27 a.m.14 views

CVE-2012-2978

query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service NULL pointer dereference and child process crash via a crafted DNS packet...

5CVSS5.9AI score0.09235EPSS
Exploits0References2
Prion
Prion
added 2008/01/03 10:46 p.m.6 views

Design/Logic Flaw

MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name CNAME record from resolving, aka "improper rotation of resource records."...

5CVSS6.6AI score0.02113EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder