10 matches found
CVE-2026-25518
Summary: CVE-2026-25518 affects cert-manager-controller in Kubernetes clusters. In versions 1.18.0–1.18.4 and 1.19.0–1.19.2, the controller performs DNS lookups during ACME DNS-01 processing using unencrypted DNS, allowing an attacker able to intercept DNS traffic from the cert-manager pod to ins...
CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion
Summary The CoreDNS etcd plugin contains a TTL confusion vulnerability where lease IDs are incorrectly used as TTL values, enabling cache pinning for very long periods. This can effectively cause a denial of service for DNS updates/changes to affected services. Details In plugin/etcd/etcd.go, the...
EulerOS Virtualization 2.12.0 : curl (EulerOS-SA-2025-1568)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server...
PT-2024-36978 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc1-00028-g4b50c3c3b998-dirty Description: A NULL pointer dereference issue has been resolved in the Linux kernel's iommu/vt-d component. The issue occurs when trying to map pages to a nested parent domai...
ALPINE-CVE-2024-9681
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
curl 安全漏洞
curl is a cURL open source tool for transferring data from or to a server. A security vulnerability exists in curl versions 7.74.0 through 8.10.1, which stems from the expiration of a child domain name overwriting the cache entry of the parent domain name when curl is required to use HTTP Strict...
UBUNTU-CVE-2024-9681
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
USN-4976-1 dnsmasq vulnerability
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks...
Cisco ASA Software DNS Denial of Service Vulnerability
Cisco Adaptive Security Appliance ASA Software is the core operating system for the Cisco ASA family. A denial of service vulnerability in the DNS code of Cisco ASA Software can be exploited by an attacker to cause an affected device to reload or corrupt information in the device's local DNS cach...
dns-cache-snoop NSE Script
Performs DNS cache snooping against a DNS server. There are two modes of operation, controlled by the dns-cache-snoop.mode script argument. In nonrecursive mode the default, queries are sent to the server with the RD recursion desired flag set to 0. The server should respond positively to these...