123 matches found
CVE-2025-1330
IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function...
PT-2025-20426 · Ibm · Ibm Cics Tx Standard +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard versions 11.1 IBM CICS TX Advanced versions 10.1 through 11.1 Description: The issue is due to the failure to handle DNS return requests by the gethostbyname function, which could allow a local user to execute arbitrary...
IBM CICS TX Standard 缓冲区错误漏洞
IBM CICS TX Standard is a comprehensive single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. A buffer error vulnerability exists in IBM CICS TX Standard version 11.1, which stems from the...
Server-side Request Forgery (SSRF)
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Server-side...
Debian: Security Advisory (DLA-139-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K16057: GHOST: glibc gethostbyname buffer overflow vulnerability CVE-2015-0235
Security Advisory Description A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker may be able to use this flaw to execute arbitrary code. CVE-2015-0235 Impact A remote...
SUSE CVE-2015-0235
Heap-based buffer overflow in the nsshostnamedigitsdots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the 1 gethostbyname or 2 gethostbyname2 function, aka "GHOST."...
SUSE CVE-2023-25165
Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...
GO-2023-1547 Information disclosure in helm.sh/helm/v3
An information disclosure vulnerability exists in the getHostByName template function. The function getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a...
getHostByName Function Information Disclosure
...
Information Disclosure
github.com/helm/helm is vulnerable to Information Disclosure. The vulnerability is due to the DNS lookup chart that can disclose IP addresses to a malicious DNS server, which are used to lookup IP addresses when used with the helm install|upgrade|template command via the vulnerable getHostByName...
GHSA-PWCW-6F5G-GXF8 Helm vulnerable to information disclosure via getHostByName Function
A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...
Helm vulnerable to information disclosure via getHostByName Function
A Helm contributor discovered an information disclosure vulnerability using the getHostByName template function. Impact getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the...
AZL-13558 CVE-2023-25165 affecting package helm for versions less than 3.10.3-3
Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...
CVE-2023-25165 getHostByName Function Information Disclosure
Helm is a tool that streamlines installing and managing Kubernetes applications.getHostByName is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS...
CVE-2021-43523
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...
AZL-6928 CVE-2021-43523 affecting package uclibc-ng for versions less than 1.0.37-2
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...
Design/Logic Flaw
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames leading to domain hijacking or injection into applications leading to remote...
CVE-2021-43523
The CVE-2021-43523 issue affects uClibc/uClibc-ng prior to 1.0.39, where improper handling of special characters in DNS-derived domain names can cause domain hijacking and injection into applications (potential remote code execution, XSS, crashes). The vulnerability arises from a missing validati...
Exploit for Out-of-bounds Write in Gnu Glibc
This is a PoC exploit for CVE-2015-0235, a vulnerability in the GNU C Library glibc that allows for remote code execution RCE through a buffer overflow in the gethostbyname function. The exploit is implemented in the kadimus tool, which is a LFI Local File Inclusion scanner and exploit tool. The...