702 matches found
Unbound DNS Resolver 1.6.2 - 1.23.0 Cache Poisoning Vulnerability (Rebirthday Attack)
Unbound DNS Resolver is prone to a cache poisoning vulnerability Rebirthday Attack. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Malicious code in gclient-eval (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5e9ffb1a50c4ad309a03eadf4dd05776ca6e5ac0e03e118c1f7c74bb2c1d5b3f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
Malicious code in win32evtlogutil (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5d62d03c43564c8087172222e65beaf334bd9f219291eb6c36a142ad88adef4f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
MAL-2025-191935 Malicious code in win32str (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 afe91149c788d349c6c0d31487fb417ce5fabc059b447dc4289b1e74f2cd161c Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...
Moderate: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2002-2212
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record RR combined with spoofed response...
Moderate: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2025:8047 Moderate: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service CVE-2024-8508 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Medium: nodejs20
Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...
RLSA-2024:11232 Moderate: unbound:1.16.2 security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service CVE-2024-8508 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Linux Distros Unpatched Vulnerability : CVE-2023-27585
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications...
RLSA-2025:0837 Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation CVE-2024-1488 unbound: Unbounded name compression could lead to Denial of Service...
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation CVE-2024-1488 unbound: Unbounded name compression could lead to Denial of Service...
CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
AZL-56105 CVE-2024-12705 affecting package bind for versions less than 9.20.5-1
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
CVE-2024-12705
A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...
CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
UBUNTU-CVE-2024-12705
Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
RHEL 9 : unbound (RHSA-2024:11170)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11170 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could...