Lucene search
+L

701 matches found

RedHat Linux
RedHat Linux
added 4 days ago5 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS6.9AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/09 3:29 p.m.4 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.9AI score0.00292EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 10:23 p.m.10 views

CVE-2026-10657

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

5.3CVSS6.2AI score0.00243EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/05 10:23 p.m.33 views

CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

3.7CVSS0.00243EPSS
Exploits1References2
OSV
OSV
added 2026/07/05 10:23 p.m.4 views

CVE-2026-10657 Out-of-bounds read in Zephyr DNS resolver mDNS suffix check (memcmp past string NUL)

Zephyr's DNS resolver detects mDNS .local queries in dnsresolvenameinternal subsys/net/lib/dns/resolve.c with memcmpstrrchrquery, '.', ".local", 7, which always reads a fixed 7 bytes from the suffix pointer. When the resolved hostname's final label is shorter than 7 bytes e.g. names ending in .or...

3.7CVSS6.2AI score0.00243EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

10CVSS5.9AI score0.00224EPSS
Exploits0References7
CVE
CVE
added 2026/06/30 3:50 p.m.15 views

CVE-2026-10652

Zephyr’s DNS resolver (subsys/net/lib/dns) is vulnerable to an out-of-bounds read in TXT/SRV records due to unvalidated rdlength in dns_unpack_answer(). The resolver accepts attacker-declared rdlength that may extend past the datagram end, and dns_validate_record() copies up to rdlength bytes fro...

7.4CVSS5.8AI score0.00252EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/30 1:19 p.m.12 views

CVE-2026-8655

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursi...

9.8CVSS0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 12:46 p.m.43 views

CVE-2026-8655 Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursi...

8.8CVSS0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 12:46 p.m.8 views

EUVD-2026-40308

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursi...

8.8CVSS5.8AI score0.0046EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 12:46 p.m.54 views

CVE-2026-8655

CVE-2026-8655 corresponds to multiple memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway that can cause unpredictable behavior and DoS when the appliance is used as an Oracle load balancer, a DNS Proxy, or a DNS recursive resolver. The NVD/NIST entry and multiple security advi...

9.8CVSS5.8AI score0.0046EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.17 views

PT-2026-53881

Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description Memory overflow issues occur when NetScaler ADC is configured as an Oracle load balancer, a DNS Proxy, or a DNS recursive resolver...

9.8CVSS6.2AI score0.0046EPSS
Exploits0References13
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 8:42 p.m.14 views

Malicious code in tn-advertisement (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b13ed4147b360eee88a36d9fe649dccbef37cf9019072841e697b88b6e4d3d2 On require, index.js performs an unconditional http.get to a unique subdomain of oastify.com Burp Suite Collaborator out-of-band testing...

5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:16 p.m.10 views

CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:16 p.m.53 views

CVE-2026-45673

Technical details are not publicly provided in the supplied connected documents. Monitor for updates on the Netty DNS-related vulnerability (CVE-2026-45673) and any published remediation.

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/12 2:16 p.m.2 views

CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.9AI score0.00256EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.11 views

EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-2322)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...

7.5CVSS8AI score0.01545EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/09 5:43 p.m.14 views

Malicious code in exodus-secure-container (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 92bc77b12251baa18392bd90e84d6bdc57aaef9a8c774f8cb29a0066e80f76b5 On npm install, the package runs node src/canary.js as a postinstall hook. That script performs a DNS lookup and HTTPS GET to the hardcoded host...

5.4AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.15 views

Netty has Insufficient Bailiwick Validation for NS Records

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

10CVSS5.5AI score0.00292EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2026/06/08 11:2 p.m.10 views

GHSA-XMV7-R254-6Q78 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

6.8CVSS5.5AI score0.00256EPSS
Exploits0References5
Rows per page
Query Builder