Lucene search
+L

276 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2018-5745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC...

4.9CVSS6.4AI score0.02264EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/02/10 9:52 p.m.12 views

Hickory DNS failure to verify self-signed RRSIG for DNSKEYs

Summary The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...

7.3AI score
Exploits0References3Affected Software1
OSV
OSV
added 2025/02/10 6:15 p.m.1 views

DEBIAN-CVE-2025-25188

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

7.1CVSS5.4AI score0.00271EPSS
Exploits0References1
OSV
OSV
added 2025/02/10 5:46 p.m.5 views

GHSA-37WC-H8XC-5HC4 Hickory DNS's DNSSEC validation may accept broken authentication chains

Summary The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...

7.1CVSS6.4AI score0.00271EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/10 5:35 p.m.15 views

CVE-2025-25188 DNSSEC validation may accept broken authentication chains

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

7.1CVSS0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.3 views

Hickory DNS 数据伪造问题漏洞

Hickory DNS is a Rust-based DNS client, server, and resolver from the Hickory DNS open source. A data forgery issue vulnerability exists in Hickory DNS version 0.8.0 and earlier, which stems from the DNSSEC validation mechanism incorrectly treating DNSKEY records across RRsets as trusted, and a...

7.1CVSS6.5AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2025/02/07 12:0 p.m.7 views

RUSTSEC-2025-0006 Hickory DNS failure to verify self-signed RRSIG for DNSKEYs

Summary The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...

7.3AI score
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/01/10 4:54 p.m.2 views

Security update for dnsmasq

This update for dnsmasq fixes the following issues: Version update to 2.90: CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. bsc1219823 CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses...

7.5CVSS6.6AI score0.99995EPSS
Exploits1References18
Amazon
Amazon
added 2024/08/06 12:0 a.m.37 views

Important: bind

Issue Overview: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname of any RTYPE can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versio...

7.5CVSS8AI score0.02114EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/07/26 3:27 a.m.4 views

SUSE CVE-2024-1975

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...

7.5CVSS7AI score0.02114EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.18 views

RHEL 5 : bind97 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bind: An error in TSIG authentication can permit unauthorized dynamic updates CVE-2017-3143 - named in IS...

7.5CVSS7.3AI score0.59353EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/05/16 5:40 p.m.7 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

7.5CVSS6.7AI score0.99995EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/05/07 7:34 a.m.4 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
Debian
Debian
added 2024/04/26 5:50 a.m.113 views

[SECURITY] [DLA 3795-1] knot-resolver security update

Debian LTS Advisory DLA-3795-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany April 26, 2024 https://wiki.debian.org/LTS Package : knot-resolver Version : 3.2.1-3+deb10u2 CVE ID : CVE-2019-10190 CVE-2019-10191 CVE-2019-19331 CVE-2020-12667 Debian Bug : 932048...

7.5CVSS7AI score0.02619EPSS
Exploits1
OSV
OSV
added 2024/04/24 7:55 p.m.6 views

USN-6657-2 dnsmasq vulnerabilities

USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq icorrectly handled validating DNSSEC...

7.5CVSS6.8AI score0.99995EPSS
Exploits1References4
Fedora
Fedora
added 2024/04/19 9:44 p.m.23 views

[SECURITY] Fedora 40 Update: unbound-1.19.3-1.fc40

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

7.5CVSS7.3AI score0.02516EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2024/04/11 11:6 a.m.2 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
OSV
OSV
added 2024/02/28 1:10 p.m.1 views

USN-6665-1 unbound vulnerabilities

Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Unbound incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Unbound to consume resources, leading to a denial of service. CVE-2023-50387 It was discovered that...

7.5CVSS6.8AI score0.99995EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/02/26 7:19 p.m.6 views

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

7.5CVSS6.7AI score0.99995EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/02/26 8:46 a.m.6 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
Rows per page
Query Builder