36 matches found

OSSF Malicious Packages
added 2026/06/09 4:6 p.m., 8 views

Malicious code in kraken-ui (npm)

Source: amazon-inspector (168f5bafda658807ea431a8cb06a1e3006d639d17b7f0c97d3d63e34f49129d5). On require/load, index.js imports os, dns, https, querystring, and the local package.json, then collects os.hostname, os.userInfo.username, os.homedi...

5.4 AI score
Exploits: 0, References: 1
NVD
added 2026/04/30 10:16 p.m., 3 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

7.5 CVSS, 0.00362 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/30 12:0 a.m., 7 views

Exim security vulnerability

Exim is an open-source message transfer agent (MTA) developed by Exim Foundation and running on Unix systems. It primarily handles the routing, forwarding, and delivery of emails. Prior to Exim 4.99.2, there was a security vulnerability. This vulnerability occurred due to an exception in the octal...

7.5 CVSS, 6 AI score, 0.00362 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/04/30 12:0 a.m., 50 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

5.9 CVSS, 0.00362 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/04/30 12:0 a.m., 4 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc not glibc, an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dnexpand oddity in octal printing...

5.9 CVSS, 5.8 AI score, 0.00362 EPSS
Exploits: 0, References: 4
Debian CVE
added 2026/04/28 4:43 p.m., 4 views

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5 CVSS, 5.8 AI score, 0.00311 EPSS
Exploits: 0
OSV
added 2026/03/03 6:10 p.m., 4 views

MAL-2026-1223 Malicious code in risk-utilities (PyPI)

Source: kam193 (22f9a9b921e53b4755c41241969fcc8b410b09f29a63ed9c23c5a19c966b4946). During installation, the package starts obfuscated code that downloads and runs remote executables in specific environments. In some packages in the campaign,...

5.9 AI score
Exploits: 0, References: 5
Wiz blog
added 2021/08/04 4:15 p.m., 13 views

Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain

Wiz CTO Ami Luttwak discusses a new class of vulnerabilities discovered by Wiz Research, which exposed valuable dynamic DNS data from millions of endpoints worldwide...

7 AI score
Exploits: 0
Tenable Nessus
added 2020/08/21 12:0 a.m., 26 views

FreeBSD : adns -- multiple vulnerabilities (08de38d2-e2d0-11ea-9538-0c9d925bbbc0)

Ian Jackson and the adns project reports : Vulnerable applications: all adns callers. Exploitable by: the local recursive resolver. Likely worst case: Remote code execution. Vulnerable applications: those that make SOA queries. Exploitable by: upstream DNS data sources. Likely worst case: DoS cra...

9.8 CVSS, 8.2 AI score, 0.03603 EPSS
Exploits: 0, References: 9
OSV
added 2019/04/09 4:29 p.m., 4 views

AZL-45057 CVE-2019-3870 affecting package samba for versions less than 4.18.3-1

A vulnerability was found in Samba from version including 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner root only access. However in some...

6.1 CVSS, 6.6 AI score, 0.00552 EPSS
Exploits: 1, References: 1
Debian CVE
added 2019/02/22 11:0 p.m., 30 views

CVE-2019-9022

Removed by vendor...

7.5 CVSS, 8.7 AI score, 0.04109 EPSS
Exploits: 1
ThreatPost
added 2018/08/23 3:5 p.m., 13 views

Security and Artificial Intelligence: Hype vs. Reality

While artificial intelligence and machine learning are far from new, many in security suddenly believe these technologies will transform their business and enable them to detect every cyber threat that comes their way. But instead, the hype may create more problems than it solves. Recently,...

0.3 AI score
Exploits: 0
Akamai Blog
added 2018/05/17 5:9 p.m., 48 views

Learn How Trillions of DNS Requests Help Improve Security

Akamai's global platform is comprised of 240,000 servers in 3,750 locations within 134 countries. Additionally, our platform interacts with 1.3 billion client devices every day and we ingest 2.5 exabytes of data a year. So why are these stats important? The answer is that this visibility provides...

7.1 AI score
Exploits: 0
NVD
added 2018/01/22 6:29 p.m., 9 views

CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

4.3 CVSS, 4 AI score, 0.01088 EPSS
Exploits: 0, References: 1
OSV
added 2018/01/22 6:29 p.m., 22 views

CVE-2018-1000003

Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

3.7 CVSS, 4.7 AI score
Exploits: 0, References: 1
Cvelist
added 2018/01/22 6:0 p.m., 28 views

CVE-2018-1000002

Improper input validation bugs in DNSSEC validators components in Knot Resolver prior version 1.5.2 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay...

4.4 AI score, 0.01088 EPSS
Exploits: 0, References: 1
Talos Blog
added 2017/09/05 8:0 a.m., 122 views

Graftor - But I Never Asked for This…

This post is authored by Holger Unterbrink and Matthew Molyett. Overview: Free software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...

7.3 AI score
Exploits: 0
Akamai Blog
added 2017/06/27 12:10 p.m., 29 views

Akamai Launches New Solution to Help Enterprise Security Teams Address the Impact of Malware, Ransomware, and DNS-based Data Exfiltration

Today, we are proud to introduce Akamai Enterprise Threat Protector (ETP). ETP is designed to provide customers quick-to-deploy and easy-to-manage cloud-based protection against the impact of complex, targeted threats such as malware, ransomware, phishing, and DNS‑based data exfiltration. One...

7.1 AI score
Exploits: 0
BDU FSTEC
added 2016/07/06 12:0 a.m., 3 views

The vulnerability of the PowerDNS Recursor software allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability in PowerDNS Recursor allows malicious actors to manipulate DNS data by using specially crafted zones...

7.5 CVSS, 5.4 AI score, 0.10263 EPSS
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2016/01/15 12:0 a.m., 33 views

PowerDNS Recursor 3.x < 3.1.7.2 Multiple Vulnerabilities

According to its self-reported version number, the version of the PowerDNS Recursor listening on the remote host is version 3.x prior to 3.1.7.2. It is, therefore, affected by multiple vulnerabilities : - A buffer overflow condition exists that allows a remote attacker, via crafted packets, to...

10 CVSS, 6.9 AI score, 0.17572 EPSS
Exploits: 0, References: 4