CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

UBUNTU-CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop via the nghttp2 process. An attacker can exhaust CPU resources by sending specially crafted DNS over HTTPS exchanges that trigger an unbounded I/O read loop. This is only exploitable if the system is configured to use the...

CVE-2025-30187

DNSdist is vulnerable when configured to use the nghttp2 library to process DoH queries. The issue is an unbounded I/O read loop in the DoH path that can cause CPU resource exhaustion (DoS). Affected code appears post-1.9.0-alpha1; various advisories recommend upgrading DNSdist to fixed releases....

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVE-2025-30187 Denial of service via crafted DoH exchange in PowerDNS DNSdist

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

CVE-2025-30187

In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an unexpected consumption of CPU resources...

SUSE-SU-2025:03262-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU bsc1247754. - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java application...

DNSdist 安全漏洞

DNSdist is a highly DNS, DoS and abuse aware load balancer from DNSdist open source. A security vulnerability exists in DNSdist that stems from the use of the nghttp2 library to process DNS over HTTPS queries that may trigger an infinite I/O read loop, which may lead to excessive CPU resource...

dnsdist -- Denial of service via crafted DoH exchange

[email protected] reports: In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to cause a denial of service by crafting a DoH exchange that triggers an unbounded I/O read loop, causing an...

GHSA-MCVP-RPGG-9273 DragonFly's tiny file download uses hard coded HTTP protocol

Impact The code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. Due to the use of weak...

PT-2025-37471

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP version 2023.Q4.0 Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4 GA through update 92 Description A stor...

CVE-2025-10404

creationtimestamp| type| source ---|---|--- 2025-09-14 20:51:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyt6bb3z4a2t 2025-09-15 06:21:35+00:00| seen| https://gist.github.com/Darkcrai86/5a8941cbe0eea50ddc1b03de31831b59...

CVE-2025-9086

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

Out-of-bounds Read

Overview curl is a command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read due to improper validation in the path comparison process. An attacker can cause a crash or override the contents of a secure cookie by setting a cookie with the secure keyword for an HTTPS site, then redirecting to t...

CVE-2025-9086

A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but using clear text HTTP using the same cookie set 3. The same cookie name is set - but with just a slash as path path="/",. Since this site is not...

Linux Distros Unpatched Vulnerability : CVE-2021-20110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to matc...

Linux Distros Unpatched Vulnerability : CVE-2012-3742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows...

RICOH Streamline NX vulnerable to tampering with operation history

Overview RICOH Streamline NX provided by Ricoh Company, Ltd. contains the following vulnerability. Use of Less Trusted Source CWE-348 - CVE-2025-58422 Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated...