40 matches found
dnsmasq: RRSIG rdlen underflow leading to heap OOB read
A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNSSEC validation. When processing RRSIG records, dnsmasq calculates the signature length by subtracting the fixed field size from the record's declared data length. A crafted RRSIG record with a data length smaller than the fixe...
CVE-2026-40092
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...
CVE-2024-45370
An authentication bypass vulnerability exists in the User profile management functionality of Socomec Easy Config System 2.6.1.0. A specially crafted database record can lead to unauthorized access. An attacker can modify a local database to trigger this vulnerability...
phpWhois arbitrary code execution via a crafted whois record
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record...
MGASA-2020-0375 Updated pdns packages fix security vulnerability
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while...
openSUSE Security Update : pdns (openSUSE-2019-1904)
This update for pdns fixes the following issues : Security issues fixed : - CVE-2019-10203: Updated PostgreSQL schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. boo1142810 - CVE-2019-10162: Fixed a denial ...
Security update for pdns (important)
openSUSE Security Update: Security update for pdns Announcement ID: openSUSE-SU-2019:1904-1 Rating: important References: 1138582 1142810 Cross-References: CVE-2019-10162 CVE-2019-10163 CVE-2019-10203 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15 SUSE Package...
CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...
CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...
UBUNTU-CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...
CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...
CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...
CVE-2019-10162
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...
Debian DLA-1843-1 : pdns security update
Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup. CVE-2019-10162 An issue has been found in PowerDNS Authoritative Server allowing an authorized user ...
PowerDNS Authoritative Server Zone Record DoS Vulnerability (2018-03)
An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. The issue is due to the fact that some memory is allocated before the parsin...
Integer overflow
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overfl...
CVE-2016-2120
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overfl...
CVE-2016-2120
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overfl...
Debian DLA-67-1 : php5 security update
CVE-2014-3538 It was discovered that the original fix for CVE-2013-7345 did not sufficiently address the problem. A remote attacker could still cause a denial of service CPU consumption via a specially crafted input file that triggers backtracking during processing of an awk regular expression...
CVE-2013-4353
The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake...