
7624 matches found

OSV
added 2025/01/29 10:15 p.m. | 8 views

CVE-2024-12705

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5 | AI score 7.4 | EPSS 0.05622
Exploits: 0 | References: 2

RedhatCVE
added 2025/01/29 9:51 p.m. | 11 views

CVE-2024-12705

A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...

CVSS 7.5 | AI score 7.2 | EPSS 0.05622
Exploits: 0 | References: 4

Debian CVE
added 2025/01/29 9:40 p.m. | 7 views

CVE-2024-12705

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5 | AI score 7.2 | EPSS 0.05622
Exploits: 0

CVE
added 2025/01/29 9:40 p.m. | 125 views

CVE-2024-12705

CVE-2024-12705 affects BIND’s DNS-over-HTTPS (DoH) implementation. Under crafted HTTP/2 traffic, a resolver can experience CPU/memory exhaustion, leading to denial of service. Affected: BIND 9.18.0–9.18.32, 9.20.0–9.20.4, 9.21.0–9.21.3 (and 9.18.11-S1–9.18.32-S1). Impact: potential DoS impacting ...

CVSS 7.5 | AI score 7.4 | EPSS 0.05622
Exploits: 0 | References: 2

Cvelist
added 2025/01/29 9:40 p.m. | 13 views

CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5 | EPSS 0.05622
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/29 9:40 p.m. | 14 views

CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5 | AI score 7.4 | EPSS 0.05622
Exploits: 0 | References: 1

AlpineLinux
added 2025/01/29 9:40 p.m. | 16 views

CVE-2024-12705

Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...

CVSS 7.5 | AI score 7.5 | EPSS 0.05622
Exploits: 0

NVD
added 2025/01/29 7:15 p.m. | 8 views

CVE-2024-48849

Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4...

CVSS 9.4 | EPSS 0.00146
Exploits: 4 | References: 1

Cvelist
added 2025/01/29 6:59 p.m. | 7 views

CVE-2024-48852 Information disclosures

Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON through <= 9.3.4...

CVSS 9.4 | EPSS 0.02585
Exploits: 7 | References: 1

CVE
added 2025/01/29 6:59 p.m. | 54 views

CVE-2024-48852

CVE-2024-48852 affects ABB FLXeon (

CVSS 9.4 | AI score 9.2 | EPSS 0.02585
Exploits: 7 | References: 1

Ubuntu
added 2025/01/29 5:33 p.m. | 157 views

USN-7241-1: Bind vulnerabilities

Toshifumi Sakaguchi discovered that Bind incorrectly handled many records in the additional section. A remote attacker could possibly use this issue to cause Bind to consume CPU resources, leading to a denial of service. (CVE-2024-11187) Jean-François Billaud discovered that the Bind DNS-over-HTTPS...

CVSS 7.5 | AI score 7 | EPSS 0.05622
Exploits: 0

Tenable Nessus
added 2025/01/29 12:00 a.m. | 12 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Bind vulnerabilities (USN-7241-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7241-1 advisory. Toshifumi Sakaguchi discovered that Bind incorrectly handled many records in the additional section. A remote attacker...

CVSS 7.5 | AI score 7 | EPSS 0.05622
Exploits: 0 | References: 3

CNNVD
added 2025/01/29 12:00 a.m. | 1 view

ISC BIND security vulnerability

ISC BIND is an open source software suite from ISC that implements the DNS protocol. A security vulnerability exists in ISC BIND 9 that stems from the fact that a client using DNS-over-HTTPS (DoH) can exhaust its CPU and/or memory by injecting carefully crafted valid or invalid HTTP/2...

CVSS 7.5 | AI score 7.4 | EPSS 0.05622
Exploits: 0 | References: 2

Cvelist
added 2025/01/27 5:59 a.m. | 13 views

CVE-2025-24390 Missing Cookie Flags

A vulnerability in OTRS Application Server and reverse proxy settings allows session hijacking due to missing attributes for sensitive cookie settings in HTTPS sessions. This issue affects: OTRS 7.0.X, OTRS 8.0.X, OTRS 2023.X, OTRS 2024.X...

CVSS 6.8 | EPSS 0.0005
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/23 12:00 a.m. | 1 view

PT-2025-2667 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: A server side request forgery issue was identified in Kibana where the "/api/fleet/health check" API could be used to send requests to internal endpoints. Due to the nature of the underlying...

CVSS 4.3 | AI score 6.3 | EPSS 0.00214
Exploits: 0 | References: 11

NVD
added 2025/01/17 11:15 a.m. | 6 views

CVE-2024-10497

CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device...

CVSS 8.8 | EPSS 0.00055
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/17 10:27 a.m. | 4 views

CVE-2024-10497

CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device...

CVSS 8.8 | AI score 8.6 | EPSS 0.00055
Exploits: 0 | References: 1

Cvelist
added 2025/01/17 10:27 a.m. | 10 views

CVE-2024-10497

CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device...

CVSS 8.8 | EPSS 0.00055
Exploits: 0 | References: 1

CVE
added 2025/01/17 10:27 a.m. | 44 views

CVE-2024-10497

Schneider Electric PowerLogic HDPM6000 is affected by CVE-2024-10497 (Authorization Bypass Through User-Controlled Key). The vulnerability allows an authorized attacker to modify values outside defined privileges by sending modified HTTPS requests, resulting in Elevation of Privileges. Documents ...

CVSS 8.8 | AI score 6.9 | EPSS 0.00055
Exploits: 0 | References: 1

NVD
added 2025/01/17 9:15 a.m. | 6 views

CVE-2024-11425

CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver...

CVSS 8.7 | EPSS 0.0072
Exploits: 0 | References: 1