115 matches found
SUSE CVE-2026-10846
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...
EUVD-2026-36080
In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2507.23, and 9.3.2411.132, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could cause data exfiltration through classic...
CVE-2026-10846
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...
CVE-2026-10846 Insufficient verification that responses belong to a query
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...
CVE-2026-10846
CVE-2026-10846 affects nlnts ldns used as a stub resolver over UDP. FreeBSD advisories confirm that ldns failed to verify response provenance (source IP/port, transaction ID, and question matching), enabling off‑path spoofing of UDP responses and arbitrary data delivery to programs using ldns (e....
CVE-2026-10846 Insufficient verification that responses belong to a query
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...
EUVD-2026-35991
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...
PT-2026-48381
Name of the Vulnerable Software and Affected Versions NLnet Labs ldns versions 1.2.0 through 1.9.0 Description When used in applications as a stub resolver over UDP, the software fails to match the query destination address and port with the response source address and port. Additionally, it does...
UBUNTU-CVE-2026-10846
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...
EUVD-2023-0015
Malicious code in bioql PyPI...
EUVD-2022-5833
Malicious code in bioql PyPI...
EUVD-2023-0028
Malicious code in bioql PyPI...
EUVD-2024-2417
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-40391
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev commit b5f1eacd, and the forked version of...
Malicious code in test-mlw2-drill-slopy (npm)
The package test-mlw2-drill-slopy was found to contain malicious code...
MAL-2025-35230 Malicious code in test-mlw2-drill-slopy (npm)
The package test-mlw2-drill-slopy was found to contain malicious code...
MAL-2025-8610 Malicious code in @malware-test-drill-chape-windy-aport/test-mlw3-drill-chape-windy-aport (npm)
The package @malware-test-drill-chape-windy-aport/test-mlw3-drill-chape-windy-aport was found to contain malicious code...
CVE-2023-48362
XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue...
CVE-2023-39553
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...
CVE-2023-28707
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2...