425 matches found
PT-2026-52210
Name of the Vulnerable Software and Affected Versions NSD version 4.13.0 Description A heap use-after-free bug exists when logging errors on TLS connections. This issue can be triggered by sending a DNS query over a DNS over TLS DoT connection and closing the connection before reading the respons...
GHSA-HGJ6-7826-R7M5 jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)
Summary JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution for hostname inputs at deserialization time. An application that binds untrusted JSON into a type containing an InetSocketAddress field issues an...
UBUNTU-CVE-2026-54514
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4, and 3.1.4, JDKFromStringDeserializer constructed InetSocketAddress with new InetSocketAddresshost, port, which performs eager DNS name resolution fo...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Keys: Fixed the issue of linking a duplicate key to a keyring’s assocarray. When making a DNS query within the kernel using dnsquery, the request code can, in rare cases, create a duplicate index key in the assocarray of the...
Exploit for Heap-based Buffer Overflow in Microsoft
the bug is at DnsQueryRaw function to be specific, inside DnsRa...
CVE-2026-30872
A flaw was found in OpenWrt's mdns daemon. A remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted DNS query. This occurs when processing IPv6 reverse DNS queries, where the system fails to validate the length of incoming data. Successful...
SUSE SLES16 Security Update : glibc (SUSE-SU-2026:20198-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20198-1 advisory. Security fixes: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. - CVE-2026-0861: Fixed inadequate size...
SUSE-SU-2026:0371-1 Security update for glibc
This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow bsc1256766. - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in nssdnsgetnetbyaddrr bsc1256822...
OPENSUSE-SU-2026:20133-1 Security update for glibc
This update for glibc fixes the following issues: Security fixes: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow bsc1256766. - CVE-2026-0915: Fixed uninitialized stack...
SUSE-SU-2026:20178-1 Security update for glibc
This update for glibc fixes the following issues: Security fixes: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow bsc1256766. - CVE-2026-0915: Fixed uninitialized stack...
SUSE-SU-2026:20198-1 Security update for glibc
This update for glibc fixes the following issues: Security fixes: - CVE-2025-0395: Fixed buffer overflow in the assert function bsc1236282. - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow bsc1256766. - CVE-2026-0915: Fixed uninitialized stack...
MiracleLinux 8 : nodejs:16 (AXSA:2023-6226:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6226:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...
CVE-2021-33259
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history...
CVE-2021-31228
An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnerability allows the attacker to predict a DNS query's source port in order to send forged DNS response packets that will be accepted as valid answers to the DNS client's requests without sniffing the specific request. Data is...
CVE-2023-54170
In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assocarray When making a DNS query inside the kernel using dnsquery, the request code can in rare cases end up creating a duplicate index key in the assocarray of the destination...
Linux Distros Unpatched Vulnerability : CVE-2023-54170
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - keys: Fix linking a duplicate key to a keyring's assocarray When making a DNS query inside the kernel using dnsquery, the request code can in rare cases end up...
EUVD-2023-60471
In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assocarray When making a DNS query inside the kernel using dnsquery, the request code can in rare cases end up creating a duplicate index key in the assocarray of the destination...
CVE-2023-54170 keys: Fix linking a duplicate key to a keyring's assoc_array
In the Linux kernel, the following vulnerability has been resolved: keys: Fix linking a duplicate key to a keyring's assocarray When making a DNS query inside the kernel using dnsquery, the request code can in rare cases end up creating a duplicate index key in the assocarray of the destination...
CVE-2025-43376
A logic issue was addressed with improved state management. This issue is fixed in Safari 26, iOS 18.7.7 and iPadOS 18.7.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A remote attacker may be able to view leaked DNS queries with Private Relay turned on...
EUVD-2006-4239
Malware in sbrugna...