Lucene search
K

275 matches found

NCSC
NCSC
added 2022/03/17 12:0 a.m.6 views

Vulnerabilities fixed in BIND

The Internet Systems Consortium ISC has fixed vulnerabilities in BIND. An unauthenticated remote malicious person can exploit the exploit the vulnerabilities to perform a cache-poisoning attack or cause a denial-of-service. One of the fixed vulnerabilities has been given the attribute CVE-2022-06...

7.5CVSS7.4AI score0.0325EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2018-0252)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS4.6AI score0.01287EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2012:1048-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.5AI score0.27383EPSS
Exploits1References2
CNVD
CNVD
added 2021/01/29 12:0 a.m.9 views

Dnsmasq Buffer Overflow Vulnerability (CNVD-2021-07538)

Dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. It can be used as a server to forward DNS, DHCP, and TFTP. Dnsmasq suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in the way dnsmasq extracts names from DNS packets before...

8.3CVSS8.3AI score0.70754EPSS
Exploits0References1
NCSC
NCSC
added 2020/11/27 12:0 a.m.5 views

Vulnerability fixed in DNS implementations

Researchers have discovered a vulnerability in a number of DNS implementations. The researchers have named the vulnerability SAD DNS, an acronymmm for Side-channel AttackeD DNS. This vulnerability has since been given CVE attribute CVE-2020-25705. The vulnerability allows a malicious party to rou...

7.4CVSS8.2AI score0.06692EPSS
Exploits1
OSV
OSV
added 2020/11/06 3:55 p.m.5 views

SUSE-SU-2020:3235-1 Security update for SUSE Manager Server 4.1

This update fixes the following issues: bind-formula: - Temporarily disable dnssec-validation as hotfix for bsc1177790 grafana-formula: - Use variable for product name - Add HA/SAP dashboards - Add support for system groups in Client Systems dashboard image-sync-formula: - Do not use .gz suffix f...

9.8CVSS7.5AI score0.99585EPSS
Exploits5References31
OSV
OSV
added 2020/10/24 5:51 p.m.9 views

MGASA-2020-0393 Updated pdns-recursor package fixes a security vulnerability

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This result...

7.5CVSS7.3AI score0.06543EPSS
Exploits0References4
ArchLinux
ArchLinux
added 2020/10/18 12:0 a.m.31 views

[ASA-202010-6] powerdns-recursor: denial of service

Arch Linux Security Advisory ASA-202010-6 ========================================= Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-25829 Package : powerdns-recursor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1243 Summary ======= The package powerdns-recurs...

7.5CVSS2.7AI score0.06543EPSS
Exploits0References6
OSV
OSV
added 2020/10/17 2:22 p.m.4 views

OPENSUSE-SU-2020:1687-1 Security update for pdns-recursor

This update for pdns-recursor fixes the following issues: -pdns-recursorwas updated to 4.1.1 and 4.3.5: - CVE-2020-25829: Fixed a cache pollution related to DNSSEC validation boo1177383 - CVE-2020-14196: Fixed an access restriction bypass with API key and password authentication boo1173302...

7.5CVSS5.9AI score0.06543EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2020/10/17 12:0 a.m.64 views

Security update for pdns-recursor (important)

openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2020:1687-1 Rating: important References: 1173302 1177383 Cross-References: CVE-2020-14196 CVE-2020-25829 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE...

7.5CVSS6.7AI score0.06543EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/10/16 5:7 a.m.22 views

CVE-2020-25829

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This result...

7.2AI score0.06543EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2020/09/16 12:0 a.m.82 views

dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities

Simon Kelley reports: There are broadly two sets of problems. The first is subtle errors in dnsmasq's protections against the chronic weakness of the DNS protocol to cache-poisoning attacks; the Birthday attack, Kaminsky, etc.... the second set of errors is a good old fashioned buffer overflow in...

8.3CVSS3.9AI score0.86692EPSS
Exploits2References2
OSV
OSV
added 2020/05/24 6:4 p.m.8 views

MGASA-2020-0223 Updated pdns-recursor packages fix security vulnerabilities

Updated pdns-recursor packages fix security vulnerabilities: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the...

7.5CVSS7.3AI score0.04372EPSS
Exploits0References6
Fedora
Fedora
added 2020/05/24 3:30 a.m.43 views

[SECURITY] Fedora 32 Update: unbound-1.10.1-1.fc32

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

7.5CVSS3AI score0.03588EPSS
Exploits0
OSV
OSV
added 2020/05/19 2:15 p.m.32 views

CVE-2020-12244

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

7.5CVSS6.6AI score
Exploits0References6
OSV
OSV
added 2020/05/19 12:0 p.m.3 views

UBUNTU-CVE-2020-12244

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

7.5CVSS7.2AI score0.02434EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2020/05/19 12:0 a.m.69 views

powerdns-recursor -- multiple vulnerabilities

PowerDNS Team reports: CVE-2020-10995: An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between...

8.8CVSS3.4AI score0.23889EPSS
Exploits0References1
Veracode
Veracode
added 2020/04/10 12:51 a.m.24 views

Authorization Bypass

bind is vulnerable to authorization bypass. The vulnerability exists as it was discovered that, in certain cases, named did not properly perform DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY algorithm rollover. This flaw could cause the validator to incorrectly determine th...

6.4CVSS3.5AI score0.14503EPSS
Exploits0References32Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-2321)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.1107EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/03 12:0 a.m.32 views

EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321)

According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date,...

7.5CVSS6.6AI score0.1107EPSS
Exploits0References4
Rows per page
Query Builder