16 matches found
GNU C Library 安全漏洞
The GNU C Library is an open-source, free C programming language library published by the GNU community under the LGPL license. Versions of the GNU C Library 2.34 to 2.43 contain security vulnerabilities. These vulnerabilities arise from the gethostbyaddr or gethostbyaddrr functions potentially...
EUVD-2018-7751
Malware in sbrugna...
EUVD-1999-0299
Malware in sbrugna...
CVE-1999-0299
Buffer overflow in FreeBSD lpd through long DNS hostnames...
SUSE CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
CVE-2018-15895
CVE-2018-15895 affects idreamsoft iCMS 7.0.11. The vulnerability is an SSRF in the remote function at app/spider/spider_tools.class.php that does not block DNS hostnames tied to private/reserved IPs (e.g., 127.0.0.1), allowing requests to internal addresses. Root cause notes link to an incomplete...
CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
Design/Logic Flaw
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
CVE-2015-1269
Removed by vendor...
CVE-2015-1269
CVE-2015-1269 affects Google Chrome and related Chromium-based packages. The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc failed to canonicalize DNS hostnames before comparing against HSTS/HPKP preload entries, enabling bypass of access restrictions via hostnames that end...
CVE-2015-1269
The DecodeHSTSPreloadRaw function in net/http/transportsecuritystate.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string...
CVE-2011-0520
The compressadddlabelpoints function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a...
Additional DNS Hostnames
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server. Different web servers may be hosted on...
CVE-1999-0299
CVE-1999-0299 corresponds to a buffer overflow in the FreeBSD lpd daemon triggered by long DNS hostnames. Connected sources (Nessus plugin) identify the affected product as FreeBSD 2.x lpd and note remediation by upgrading to FreeBSD 3.x. The description and Red Hat/NVD entries reiterate the same...
CVE-1999-0299
Buffer overflow in FreeBSD lpd through long DNS hostnames...