Lucene search
K

316 matches found

EUVD
EUVD
added 2026/07/06 7:55 a.m.4 views

EUVD-2026-41825

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering 'java.;javax.;org.apache.camel.;!', or the no-'javax.' variant in the aggregation-repository component...

8.1CVSS6AI score0.00546EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-40011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be...

3.7CVSS6.1AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 1:16 p.m.12 views

CVE-2026-40011

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires...

3.7CVSS0.00158EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 12:23 p.m.8 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
CVE
CVE
added 2026/06/25 12:22 p.m.20 views

CVE-2026-40011

CVE-2026-40011 describes a denial-of-service condition where sending a large number of crafted DNS queries can cause a dynamic block to be inserted with a value that yields invalid output on the Prometheus endpoint. The Prometheus data may then be rejected by the scraper until the dynamic block e...

3.7CVSS5.8AI score0.00158EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4,...

5.3CVSS6AI score0.00219EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/05 7:7 p.m.59 views

CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS DoH GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decoding, and DNS message unpacking before rejecting the request. Unlike the POST path, which applies a...

8.7CVSS0.00672EPSS
Exploits1References2
OSV
OSV
added 2026/04/24 2:25 p.m.8 views

SUSE-SU-2026:1618-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236. -...

8.2CVSS5.6AI score0.01028EPSS
Exploits0References15
Snyk
Snyk
added 2026/04/14 4:4 a.m.9 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the getHostByName function in the v2 template engine. An attacker can cause sensitive data to be disclosed by crafting or updating templated resources that trigger DNS queries containing secret-derived values fr...

7.1CVSS5.7AI score0.00262EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

External Secrets 信息泄露漏洞

External Secrets is an open-source Kubernetes-related application developed by External Secrets. Versions of External Secrets 2.2.0 and earlier contain a vulnerability related to information leakage. This vulnerability stems from the v2 template engine not removing the getHostByName function, whi...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/07 8:13 p.m.14 views

netavark has incorrect error handling for malformed tcp packets

Impact A truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. Patches https://github.com/containers/aardvark-dns/commit/3b49ea7b38bdea134b7f03256f2e13f44ce73bb1 Workarounds None Credits Thanks to @dkane01 for reporti...

7.5CVSS5.9AI score0.00383EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Aardvark-dns 资源管理错误漏洞

Aardvark-dns is a DNS server developed by Containers Open Source. Versions 1.16.0 to 1.17.0 of Aardvark-dns have a resource management vulnerability. This vulnerability arises from truncated TCP DNS queries and connection resets, which may cause Aardvark-dns to enter an irreversible infinite erro...

7.5CVSS5.8AI score0.00383EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/31 11:28 p.m.5 views

SUSE CVE-2026-27854

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

4.8CVSS5.7AI score0.00471EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/31 5:18 p.m.4 views

CVE-2026-27854

A flaw was found in DNSdist. An attacker could exploit this by sending crafted DNS queries that interact with the DNSQuestion:getEDNSOptions method in custom Lua code. This interaction can trigger a use-after-free vulnerability, potentially leading to a crash and a denial of service DoS for the...

4.8CVSS5.8AI score0.00471EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 12:31 p.m.5 views

EUVD-2026-17361

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/31 11:50 a.m.11 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/31 11:50 a.m.5 views

CVE-2026-0396

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

4.3CVSS5.3AI score0.00136EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/25 1:34 p.m.9 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

5.4CVSS5.8AI score0.0036EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/25 1:34 p.m.17 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

5.4CVSS5.8AI score0.0036EPSS
Exploits0
OSV
OSV
added 2026/03/25 12:0 a.m.5 views

UBUNTU-CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

5.4CVSS7.2AI score0.0036EPSS
Exploits0References4
Rows per page
Query Builder