CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...

unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution

A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...

SUSE-SU-2026:2281-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: 'Ghost domain name' variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

SUSE-SU-2026:21913-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.10)

The version of AOS installed on the remote host is prior to 7.3.1.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.10 advisory. - Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentatio...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

CVE-2026-8962

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-45557 Technitium DNS Server excessive DNSSEC requests

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

CVE-2026-8962

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

PT-2026-41937

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...

SUSE CVE-2026-1519

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries see:...

CVE-2026-22866

Ethereum Name Service ENS is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the RSASHA256Algorithm and RSASHA1Algorithm contracts fail to validate PKCS1 v1.5 padding structure when verifying RSA signatures. The contracts only check...

MiracleLinux 8 : dnsmasq-2.79-13.el8.1 (AXSA:2021-1363:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1363:03 advisory. dnsmasq: heap-based buffer overflow in sortrrset when DNSSEC is enabled CVE-2020-25681 dnsmasq: buffer overflow in extractname due to missing length...

[SECURITY] Fedora 43 Update: unbound-1.24.2-1.fc43

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

Security update for bind

This update for bind fixes the following issues: Upgrade to release 9.20.15: CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found bsc1252378. CVE-2025-40778: Address various spoofing attacks bsc1252379. CVE-2025-40780: Cache-poisoning due to weak pseudo-random number...

EUVD-2015-8435

Malware in sbrugna...

EUVD-2004-1311

Malware in sbrugna...

EUVD-2004-0718

Malware in sbrugna...