CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

191 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в ruby2.5

The attack vector is a potential Denial of Service DoS attack. The vulnerability arises from an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can create a malicious DNS packet containing a highly compressed domain name. When the resolv library...

7.5CVSS6.6AI score0.00268EPSS

Exploits0References2

Mageia•added 2026/05/14 2:43 a.m.•7 views

Updated dnsmasq packages fix security vulnerabilities

CVE-2026-2291: dnsmasqs extractname function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS. CVE-2026-4890: A Denial of Service DoS...

8.4CVSS6.4AI score0.0024EPSS

Exploits4References2

SUSE CVE•added 2026/05/13 3:48 a.m.•6 views

SUSE CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...

5.3CVSS5.8AI score0.00027EPSS

Exploits2References10

CVE•added 2026/05/11 4:47 p.m.•14 views

CVE-2026-4891

CVE-2026-4891 describes a heap-based out-of-bounds read in dnsmasq’s DNSSEC validation, allowing remote attackers to trigger a denial of service by sending a crafted DNS packet. The vulnerability is part of a broader set (CVE-2026-2291, CVE-2026-4890/4892/4893, CVE-2026-5172) affecting dnsmasq an...

5.3CVSS5.8AI score0.00071EPSS

Exploits0References6

CVE•added 2026/05/11 4:47 p.m.•15 views

CVE-2026-4890

Dnsmasq is affected by CVE-2026-4890, a DoS vulnerability in DNSSEC validation. The issue is described as an infinite-loop flaw in DNSSEC validation, which can cause the dnsmasq service to crash or become unresponsive when processing a crafted DNS response. Affected component: dnsmasq’s DNSSEC va...

7.5CVSS5.8AI score0.0024EPSS

Exploits0References6

UbuntuCve•added 2026/05/11 12:0 p.m.•6 views

CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information...

5.3CVSS5.8AI score0.00027EPSS

Exploits2References2

UbuntuCve•added 2026/05/11 12:0 p.m.•6 views

CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

5.3CVSS5.8AI score0.00071EPSS

Exploits0References2

OSV•added 2026/04/24 2:25 p.m.•2 views

SUSE-SU-2026:1618-1 Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. - https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: - CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236. -...

8.2CVSS5.6AI score0.00009EPSS

Exploits0References15

Cvelist•added 2026/03/31 11:57 a.m.•20 views

CVE-2026-24028 Out-of-bounds read when parsing DNS packets via Lua

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

5.3CVSS0.00006EPSS

Exploits0References1

CVE•added 2026/03/31 11:57 a.m.•5 views

CVE-2026-24028

CVE-2026-24028 describes an out-of-bounds read when parsing DNS packets via Lua: if custom Lua code uses newDNSPacketOverlay to parse DNS packets, a crafted DNS response can trigger a crash (DoS) or unauthorized memory access (potential information disclosure). The available documents do not spec...

8.2CVSS5.9AI score0.00006EPSS

Exploits0References1Affected Software1

AlpineLinux•added 2026/03/31 11:57 a.m.•2 views

CVE-2026-24028

8.2CVSS5.8AI score0.00006EPSS

Exploits0

FreeBSD•added 2026/03/25 12:0 a.m.•5 views

dnsmasq -- multiple vulnerabilities

Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...

8.4CVSS6.3AI score0.0024EPSS

Exploits4References2

OSV•added 2026/01/30 4:26 p.m.•1 views

CLEANSTART-2026-MB75553 vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record

Multiple security vulnerabilities affect the playwright-python package. A vulnerability was found in Avahi, where a reachable assertion exists in avahidnspacketappendrecord. See references for individual vulnerability details...

9.8CVSS5.5AI score0.00083EPSS

Exploits0References15

RedhatCVE•added 2026/01/07 9:11 a.m.•14 views

CVE-2025-1673

A malicious or malformed DNS packet without a payload can cause an out-of-bounds read, resulting in a crash denial of service or an incorrect computation...

8.2CVSS6.8AI score0.00403EPSS

Exploits0References1

OSV•added 2025/10/24 1:25 p.m.•3 views

SUSE-SU-2025:3776-1 Security update for ruby2.5

This update for ruby2.5 fixes the following issues: - CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption bsc1246430...

7.5CVSS6.8AI score0.00268EPSS

Exploits0References3