openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 ships with BC Java 1.78, BC Java LTS 2.73.6 and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname as happens...

Cisco Email Security Appliance DNS Verification DoS (cisco-sa-esa-dos-MxZvGtgU)

According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability in the DNS-based Authentication of Named Entities DANE email verification component that allows an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected devic...

CLSA-2022-1664476909 Fixed CVEs in bind: CVE-2022-38177, CVE-2022-38178, CVE-2022-2795

CVE-2022-2795: fix possible resolver performance degradation when processing large delegations - CVE-2022-38177: fix memory leak in ECDSA DNSSEC verification code - CVE-2022-38178: fix memory leak in EdDSA DNSSEC verification code...

Cisco Email Security Appliance Resource Management Error Vulnerability (CNVD-2022-13368)

The Cisco Email Security Appliance ESA is an email security appliance from Cisco, U.S.A. A resource management error vulnerability exists in the Cisco Email Security Appliance DNS Verification, which could be exploited by an attacker to cause the appliance to be inaccessible from the management...

CVE-2022-20653 Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability

A vulnerability in the DNS-based Authentication of Named Entities DANE email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability...

CVE-2022-20653 Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability

A vulnerability in the DNS-based Authentication of Named Entities DANE email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability...

Cisco Email Security Appliance DNS Verification Denial of Service Vulnerability

A vulnerability in the DNS-based Authentication of Named Entities DANE email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability...

Sitadel

This repository is an update for WAScan, making it compatible with Python versions 3.4 and above. It allows for more flexibility in writing new modules and implementing new features, such as frontend framework detection, content delivery network detection, defining risk levels for scans, and a...

LY Corporation: SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)

LINE Social Plugins https://social-plugins.line.me/ is a service that provides LINE users with content sharing on the web. This SSRF attack was caused by bypassing the DNS verification of the parameter value received to check the page information of shared content. Attacks were only possible with...

LY Corporation: Blind SSRF in social-plugins.line.me

LINE Social Plugins https://social-plugins.line.me/ is a service that provides LINE users with content sharing on the web. This Blind SSRF attack was caused by bypassing the DNS verification of the parameter value received. It could have made requests to internal servers or scanned internal netwo...

DEBIAN-CVE-2011-2500

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...

CVE-2011-2500

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...

Design/Logic Flaw

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...

[SECURITY] Fedora 18 Update: bind-9.9.2-5.P1.fc18

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

nfs-utils: Improper authentication of an incoming request when an IP based authentication used

The hostreliableaddrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records...

CVE-2003-0636

Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites...