Lucene search
K

24 matches found

GithubExploit
GithubExploit
added 2026/05/24 2:23 p.m.106 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2026-41096 - Crash PoC Heap overflow in DnsRawTruncateMe...

9.8CVSS6.1AI score0.01932EPSS
Exploits4
Cvelist
Cvelist
added 2026/03/31 12:4 p.m.25 views

CVE-2026-27853 Out-of-bounds write when rewriting large DNS packets

An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535...

5.9CVSS0.00489EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/20 7:59 p.m.1 views

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

5.8AI score0.00292EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 7:59 p.m.14 views

CVE-2026-4437

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

5.8AI score0.00292EPSS
Exploits1References2Affected Software1
Amazon
Amazon
added 2025/02/05 12:0 a.m.6 views

Important: bind

Issue Overview: It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate...

7.5CVSS8AI score0.17935EPSS
Exploits0
OSV
OSV
added 2025/01/28 3:1 p.m.12 views

GO-2025-3415 DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium

DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium...

5.3CVSS5.4AI score0.00418EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/22 4:48 p.m.17 views

CVE-2025-23028 DoS in Cilium agent DNS proxy from crafted DNS responses

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an...

5.3CVSS0.00418EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/22 4:48 p.m.15 views

CVE-2025-23028 DoS in Cilium agent DNS proxy from crafted DNS responses

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an...

5.3CVSS6.8AI score0.00418EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 4:48 p.m.298 views

CVE-2025-23028

Cilium DoS (CVE-2025-23028): A crafted DNS response can crash Cilium agents in clusters proxying DNS traffic, affecting versions 1.14.0–1.14.7, 1.15.0–1.15.11, and 1.16.0–1.16.4. Impact varies by DNS policy: traffic allowed without DNS-based policy continues; DNS-policyed connections may be disru...

5.3CVSS5AI score0.00418EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/11/16 6:56 p.m.10 views

CLSA-2023-1700160963 Fix CVE(s): CVE-2023-42117, CVE-2023-42119

SECURITY UPDATE: Remote code execution because of improper neutralization of special elements - debian/patches/CVE-2023-42117.patch: fix stringisipaddress - CVE-2023-42117 SECURITY UPDATE: dnsdb out-of-bounds read information disclosure - debian/patches/CVE-2023-42119.patch: harden dnsdb against...

9.8CVSS7.3AI score0.05673EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:15 a.m.3 views

SUSE CVE-2015-5986

openpgpkey61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via a crafted DNS response...

7.1CVSS6.8AI score0.26071EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/02/25 12:0 a.m.25 views

EulerOS 2.0 SP8 : openldap (EulerOS-SA-2020-1169)

According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the...

7.5CVSS6.6AI score0.07022EPSS
Exploits1References3
Prion
Prion
added 2020/01/02 11:15 p.m.30 views

Code injection

An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses...

4.3CVSS6.7AI score0.03094EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2010/02/05 10:30 p.m.19 views

CVE-2003-1579

Sun ONE aka iPlanet Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing...

4.3CVSS6.6AI score0.00898EPSS
Exploits1References1
NVD
NVD
added 2010/02/05 10:30 p.m.32 views

CVE-2003-1580

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...

4.3CVSS6.6AI score0.03709EPSS
Exploits1References1
NVD
NVD
added 2010/02/05 10:30 p.m.26 views

CVE-2003-1578

Sun ONE aka iPlanet Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning...

4.3CVSS6.7AI score0.01113EPSS
Exploits1References4
Cvelist
Cvelist
added 2010/02/05 10:13 p.m.20 views

CVE-2003-1578

Sun ONE aka iPlanet Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning...

6.7AI score0.01113EPSS
Exploits1References4
Cvelist
Cvelist
added 2010/02/05 10:13 p.m.24 views

CVE-2003-1579

Sun ONE aka iPlanet Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing...

6.6AI score0.00898EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2010/02/05 10:13 p.m.43 views

CVE-2003-1580

The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-lev...

4.3CVSS6.6AI score0.03709EPSS
Exploits1
CVE
CVE
added 2010/02/05 10:13 p.m.47 views

CVE-2003-1578

The CVE-2003-1578 entry concerns Sun ONE (iPlanet) Web Server 4.1–SP12 and 6.0–SP5 when DNS resolution is enabled for client IPs. The underlying issue, described as an Inverse Lookup Log Corruption (ILLC) vulnerability, allows remote attackers to hide HTTP requests from the log-preview functional...

4.3CVSS7AI score0.01113EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder