Lucene search
K

193 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-42304

A flaw was found in Twisted, specifically within the twisted.names module. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted TCP DNS packet containing deeply chained compression pointers. This can lead to resource exhaustion, causing the...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
Mageia
Mageia
added 2026/05/14 2:43 a.m.13 views

Updated dnsmasq packages fix security vulnerabilities

CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...

8.8CVSS6.4AI score0.07237EPSS
Exploits4References2
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.18 views

SUSE CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...

5.3CVSS5.8AI score0.02681EPSS
Exploits2References12
CVE
CVE
added 2026/05/11 4:47 p.m.39 views

CVE-2026-4891

CVE-2026-4891 is a heap-based out-of-bounds read in dnsmasq’s DNSSEC validation that enables remote DoS via a crafted DNS packet. Affected: dnsmasq; root cause: DNSSEC validation path leads to OOB read. Impact: denial of service with no confidentiality/integrity impact reported; exploitation deta...

7.5CVSS5.8AI score0.06226EPSS
Exploits0References13
CVE
CVE
added 2026/05/11 4:47 p.m.55 views

CVE-2026-4890

Dnsmasq is affected by CVE-2026-4890, a DoS vulnerability in DNSSEC validation. The issue is described as an infinite-loop flaw in DNSSEC validation, which can cause the dnsmasq service to crash or become unresponsive when processing a crafted DNS response. Affected component: dnsmasq’s DNSSEC va...

7.5CVSS5.8AI score0.07237EPSS
Exploits0References13
UbuntuCve
UbuntuCve
added 2026/05/11 12:0 p.m.13 views

CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...

5.3CVSS5.8AI score0.02681EPSS
Exploits2References2
UbuntuCve
UbuntuCve
added 2026/05/11 12:0 p.m.11 views

CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

5.3CVSS5.8AI score0.06226EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 2:25 p.m.8 views

SUSE-SU-2026:1618-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236. -...

8.2CVSS5.6AI score0.01028EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/03/31 11:57 a.m.25 views

CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

5.3CVSS0.01028EPSS
Exploits0References1
CVE
CVE
added 2026/03/31 11:57 a.m.19 views

CVE-2026-24028

CVE-2026-24028 affects dnsdist, a DNS load balancer. The issue arises when custom Lua code parses DNS packets with newDNSPacketOverlay, causing an out-of-bounds read that can crash the process and potentially disclose memory. Connected advisories confirm the vulnerability and list it among multip...

8.2CVSS5.9AI score0.01028EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/31 11:57 a.m.4 views

CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

8.2CVSS5.8AI score0.01028EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.10 views

dnsmasq -- multiple vulnerabilities

Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...

8.8CVSS6.3AI score0.07237EPSS
Exploits4References2
OSV
OSV
added 2026/01/30 4:26 p.m.4 views

CLEANSTART-2026-MB75553 vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record

Multiple security vulnerabilities affect the playwright-python package. A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00681EPSS
Exploits0References15
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.2 views

Astra Linux – Vulnerability in Ruby 3.1

The attack vector is a potential Denial of Service DoS attack. The vulnerability arises from an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can create a malicious DNS packet containing a highly compressed domain name. When the resolv library...

7.5CVSS6.7AI score0.00539EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.25 views

CVE-2025-1673

A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash denial of service or an incorrect computation...

8.2CVSS6.8AI score0.00323EPSS
Exploits0References1
OSV
OSV
added 2025/10/24 1:25 p.m.4 views

SUSE-SU-2025:3776-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption bsc1246430...

7.5CVSS6.8AI score0.00539EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-2256

Malware in sbrugna...

4.3CVSS6AI score0.02636EPSS
Exploits1References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2000-0565

Malware in sbrugna...

5CVSS6.4AI score0.03334EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5226

Malware in sbrugna...

7.5CVSS6.7AI score0.09021EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-3673

Malware in sbrugna...

10CVSS9.1AI score0.01943EPSS
Exploits3References2
Rows per page
Query Builder