U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a batch of six flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. This comprises three vulnerabilities that Apple patched this week CVE-2023-32434, CVE-2023-32435, and CVE-2023-32439...

CVE-2023-31137 MaraDNS Integer Underflow Vulnerability in DNS Packet Decompression

MaraDNS is open-source software that implements the Domain Name System DNS. In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination...

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

The Internet Systems Consortium ISC has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain BIND 9 Domain Name System DNS software suite that could lead to a denial-of-service DoS condition. "A remote attacker could exploit these vulnerabilities to...

CVE-2021-25215

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record...

ISC BIND 安全漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND that stems from the fact that when answering a query for a DNAME, an assertion check may fail to process a record that requires a DNAME to resolve...

GO-2020-0028 Denial of service via malformed zone file in github.com/miekg/dns

Due to a nil pointer dereference, parsing a malformed zone file containing TA records may cause a panic. If parsing user supplied input, this may be used as a denial of service vector...

CVE-2019-19331

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A...

Critical Remotely Exploitable Bug Haunts BIND

The maintainers of BIND have patched a critical remotely exploitable vulnerability in the DNS software that can be used in a denial-of-service attack. The vulnerability affects all versions of BIND from 9.1.0 through 9.9.7. The vulnerability is in the way that BIND handles certain queries related...

BIND 9 Denial of Service Flaw Patched

A denial-of-service vulnerability in certain versions of BIND name servers has been patched, and network managers are urged to upgrade quickly to a secure version of the DNS software. Attackers sending specially crafted queries with malformed data to a vulnerable BIND server could cause the syste...

Remote DoS Flaw in BIND Fixed in New Version !

The Internet Systems Consortium released an advisory today informing BIND users that certain types of queries to name servers can cause the servers to crash and create a denial-of-service condition. This remotely exploitable bug only affects BIND users with the Response Policy Zones RPZ feature...

No routing password permissions when the Dove on-line method-vulnerability warning-the black bar safety net

No routing password permissions when the pigeons on the line method: The first step:tools--FTP--FTP home directory, just in the desktop build one, put the following ports into 2 1. The user name can not fill. The following two options are marked with a tick. Then turn on the service. Completed th...