43 matches found
Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2026-1756)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1756 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep...
NLnet Labs Unbound access control error vulnerability
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.16.2 to 1.25.0 of NLnet Labs Unbound, there is an access control vulnerability. This vulnerability stems from a phantom domain attack. It allows attackers to control phantoms and query the vulnerable...
MiracleLinux 8 : unbound-1.16.2-2.el8 (AXSA:2022-4339:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4339:01 advisory. unbound: the novel ghost domain where malicious users can trigger continued resolvability of malicious domain names CVE-2022-30698 unbound: novel gho...
MiracleLinux 9 : unbound-1.16.2-2.el9 (AXSA:2023-4630:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4630:01 advisory. unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names CVE-2022-30698 unbound: novel...
EUVD-2012-1221
Malware in sbrugna...
EUVD-2009-0358
Malware in sbrugna...
EUVD-2016-10074
Malware in sbrugna...
EUVD-2024-2011
Malicious code in bioql PyPI...
EUVD-2022-46681
Malicious code in bioql PyPI...
EUVD-2022-52529
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2012-1191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to a...
Linux Distros Unpatched Vulnerability : CVE-2022-30699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an...
CVE-2022-43699
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain found in the host part of an e-mail address...
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
Exploit title: ABB Cylon FLXeon 9.3.4 Limited Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
CVE-2024-5967 Keycloak: leak of configured ldap bind credentials through the keycloak admin console
A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...
SUSE-SU-2024:1923-1 Security update for unbound
This update for unbound fixes the following issues: unbound was updated to 1.20.0: A lot of bugfixes and added features. For a complete list take a look at the changelog located at: /usr/share/doc/packages/unbound/Changelog or https://www.nlnetlabs.nl/projects/unbound/download/ Some Noteworthy...
AZL-40372 CVE-2024-34069 affecting package python-werkzeug for versions less than 3.0.3-1
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...
unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...
Moderate: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RHEL 8 : unbound (RHSA-2024:2045)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2045 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: NRDelegation attack leads...