Lucene search
+L

702 matches found

OpenVAS
OpenVAS
added 2025/07/18 12:0 a.m.8 views

Unbound DNS Resolver 1.6.2 - 1.23.0 Cache Poisoning Vulnerability (Rebirthday Attack)

Unbound DNS Resolver is prone to a cache poisoning vulnerability Rebirthday Attack. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 8:26 p.m.4 views

Malicious code in gclient-eval (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5e9ffb1a50c4ad309a03eadf4dd05776ca6e5ac0e03e118c1f7c74bb2c1d5b3f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...

7.2AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 8:26 p.m.4 views

Malicious code in win32evtlogutil (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5d62d03c43564c8087172222e65beaf334bd9f219291eb6c36a142ad88adef4f Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...

7.2AI score
Exploits0References1
OSV
OSV
added 2025/06/10 8:26 p.m.5 views

MAL-2025-191935 Malicious code in win32str (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 afe91149c788d349c6c0d31487fb417ce5fabc059b447dc4289b1e74f2cd161c Research packages targeting typosquatting and dependency confusions, without really harmful behaviour - just calling home through DNS resolver. Related to...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/27 11:49 a.m.14 views

Moderate: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.3CVSS6.7AI score0.00801EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 10:41 p.m.12 views

CVE-2002-2212

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record RR combined with spoofed response...

5CVSS7.1AI score0.02399EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/05/20 5:29 p.m.11 views

Moderate: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

5.3CVSS6.7AI score0.00801EPSS
Exploits0References2
OSV
OSV
added 2025/05/20 12:0 a.m.12 views

ALSA-2025:8047 Moderate: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service CVE-2024-8508 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.3CVSS6.7AI score0.00801EPSS
Exploits0References4
Amazon
Amazon
added 2025/04/29 12:0 a.m.6 views

Medium: nodejs20

Issue Overview: c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if t...

8.3CVSS6.7AI score0.00577EPSS
Exploits0
OSV
OSV
added 2025/03/17 8:16 p.m.13 views

RLSA-2024:11232 Moderate: unbound:1.16.2 security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could lead to Denial of Service CVE-2024-8508 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

5.3CVSS6.7AI score0.00801EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-27585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications...

7.5CVSS7.4AI score0.0233EPSS
Exploits1References2
OSV
OSV
added 2025/02/13 8:34 p.m.13 views

RLSA-2025:0837 Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation CVE-2024-1488 unbound: Unbounded name compression could lead to Denial of Service...

8CVSS6.9AI score0.00801EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2025/01/30 12:0 a.m.15 views

Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation CVE-2024-1488 unbound: Unbounded name compression could lead to Denial of Service...

8CVSS6.9AI score0.00801EPSS
Exploits0References6
OSV
OSV
added 2025/01/29 10:15 p.m.11 views

CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS7.4AI score0.17935EPSS
Exploits0References2
OSV
OSV
added 2025/01/29 10:15 p.m.14 views

AZL-56105 CVE-2024-12705 affecting package bind for versions less than 9.20.5-1

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS7.1AI score0.17935EPSS
Exploits0References1
NVD
NVD
added 2025/01/29 10:15 p.m.8 views

CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS0.17935EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/01/29 9:51 p.m.13 views

CVE-2024-12705

A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...

7.5CVSS7.2AI score0.17935EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/01/29 9:40 p.m.78 views

CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS0.17935EPSS
Exploits0References1
OSV
OSV
added 2025/01/29 12:0 a.m.4 views

UBUNTU-CVE-2024-12705

Clients using DNS-over-HTTPS DoH can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

7.5CVSS7.1AI score0.17935EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.14 views

RHEL 9 : unbound (RHSA-2024:11170)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11170 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbounded name compression could...

5.3CVSS6.8AI score0.00801EPSS
Exploits0References5
Rows per page
Query Builder