13 matches found
CVE-2026-33257 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
SUSE CVE-2026-0397
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397
A flaw was found in the internal webserver of dnsdist and PowerDNS. When the internal webserver is enabled, a remote attacker can exploit a misconfiguration in the Cross-Origin Resource Sharing CORS policy. By tricking an administrator logged into the dashboard into visiting a malicious website,...
EUVD-2026-17363
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
UBUNTU-CVE-2026-0397
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397 Information disclosure via CORS misconfiguration
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397 Information disclosure via CORS misconfiguration
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397
CVE-2026-0397 in dnsdist is caused by a misconfigured CORS policy, enabling information disclosure when an admin user navigates to a malicious site via the dashboard. Connected advisories confirm multiple vendors (Debian, SUSE, Fedora, FreeBSD) have addressed this family of issues by releasing up...
CVE-2026-0397
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
CVE-2026-0397
When the internal webserver is enabled default is disabled, an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration o...
PT-2026-29242
Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description A misconfiguration of the Cross-Origin Resource Sharing CORS policy exists when the internal webserver is enabled. An attacker may be able to trick an administrator logged into the dashboard...