Lucene search
K

123 matches found

ATTACKERKB
ATTACKERKB
added 2025/05/08 10:15 p.m.2 views

CVE-2025-1330

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function...

7.8CVSS6.2AI score0.00228EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2025/05/08 12:0 a.m.5 views

PT-2025-20426 · Ibm · Ibm Cics Tx Standard +1

Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 11.1 IBM CICS TX Advanced versions 10.1 through 11.1 Description: The issue is due to the failure to handle DNS return requests by the gethostbyname function, which could allow a local user to execute arbitrary...

7.8CVSS7AI score0.00228EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.4 views

IBM CICS TX Standard 缓冲区错误漏洞

IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A buffer error vulnerability exists in IBM CICS TX Standard version 11.1, which stems from the...

7.8CVSS6.9AI score0.00228EPSS
Exploits0References3
Snyk
Snyk
added 2025/03/31 5:23 p.m.4 views

Server-side Request Forgery (SSRF)

Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-side...

9.8CVSS6.9AI score0.00446EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.38 views

Debian: Security Advisory (DLA-139-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.94859EPSS
Exploits29References2
F5 Networks
F5 Networks
added 2023/02/21 7:50 p.m.86 views

K16057: GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235

Security Advisory Description A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker may be able to use this flaw to execute arbitrary code. CVE-2015-0235 Impact A remote...

10CVSS8.6AI score0.94859EPSS
Exploits29Affected Software20
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.8 views

SUSE CVE-2015-0235

Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...

10CVSS8.2AI score0.94859EPSS
Exploits29References15
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.4 views

SUSE CVE-2023-25165

Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...

4.3CVSS5.2AI score0.00762EPSS
Exploits1References7
OSV
OSV
added 2023/02/14 3:53 p.m.33 views

GO-2023-1547 Information disclosure in helm.sh/helm/v3

An information disclosure vulnerability exists in the getHostByName template function. The function getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a...

4.3CVSS4.3AI score0.00762EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2023/02/13 8:0 a.m.2 views

getHostByName Function Information Disclosure

...

4.3CVSS5.9AI score0.00762EPSS
Exploits1
Veracode
Veracode
added 2023/02/12 2:31 p.m.27 views

Information Disclosure

github.com/helm/helm is vulnerable to Information Disclosure. The vulnerability is due to the DNS lookup chart that can disclose IP addresses to a malicious DNS server, which are used to lookup IP addresses when used with the helm install|upgrade|template command via the vulnerable getHostByName...

4.3CVSS5.1AI score0.00762EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/02/08 10:36 p.m.11 views

GHSA-PWCW-6F5G-GXF8 Helm vulnerable to information disclosure via getHostByName Function

A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...

4.3CVSS4.5AI score0.00762EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/02/08 10:36 p.m.82 views

Helm vulnerable to information disclosure via getHostByName Function

A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...

4.3CVSS4.5AI score0.00762EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/02/08 8:15 p.m.6 views

AZL-13558 CVE-2023-25165 affecting package helm for versions less than 3.10.3-3

Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...

4.3CVSS6.5AI score0.00762EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/08 7:7 p.m.8 views

CVE-2023-25165 getHostByName Function Information Disclosure

Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...

4.3CVSS4.6AI score0.00762EPSS
Exploits1References2
OSV
OSV
added 2021/11/10 3:15 p.m.16 views

CVE-2021-43523

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...

9.6CVSS7.5AI score
Exploits0References3
OSV
OSV
added 2021/11/10 3:15 p.m.7 views

AZL-6928 CVE-2021-43523 affecting package uclibc-ng for versions less than 1.0.37-2

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...

9.6CVSS7.5AI score0.03261EPSS
Exploits1References1
Prion
Prion
added 2021/11/10 3:15 p.m.14 views

Design/Logic Flaw

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...

6.8CVSS9.4AI score0.03261EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2021/11/10 2:3 p.m.81 views

CVE-2021-43523

The CVE-2021-43523 issue affects uClibc/uClibc-ng prior to 1.0.39, where improper handling of special characters in DNS-derived domain names can cause domain hijacking and injection into applications (potential remote code execution, XSS, crashes). The vulnerability arises from a missing validati...

9.6CVSS9.4AI score0.03261EPSS
Exploits1References3Affected Software2
Gitee
Gitee
added 2021/08/05 1:6 p.m.4 views

Exploit for Out-of-bounds Write in Gnu Glibc

This is a PoC exploit for CVE-2015-0235, a vulnerability in the GNU C Library glibc that allows for remote code execution RCE through a buffer overflow in the gethostbyname function. The exploit is implemented in the kadimus tool, which is a LFI Local File Inclusion scanner and exploit tool. The...

10CVSS8.9AI score0.94859EPSS
Exploits29
Rows per page
Query Builder