32 matches found
Astra Linux – Vulnerability in bind9
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...
MiracleLinux 3 : openssl-0.9.8b-10.1AXS3.1 (AXSA:2009-13:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-13:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...
MiracleLinux 3 : dbus-1.0.0-7AXS3.1 (AXSA:2009-08:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-08:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the systemwide message bus service, and as a per-user-login-session messaging...
Linux Distros Unpatched Vulnerability : CVE-2020-7711
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures...
Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795)
Summary UPDATED May 17 Corrected the affected fileset levels for AIX 7.2 TL5 and removed bos.net.tcp.bind 7.2.5.200.: A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2022-38178, CVE-2022-3080, CVE-2022-38177, CVE-2022-2795. AIX uses ISC BIND as part of i...
dotnet: X509 Certificates - Validation Bypass across Azure
A security feature bypass vulnerability exists when Microsoft .NET Framework-based applications use X.509 chain building APIs but do not completely validate the X.509 certificate due to a logic flaw. An attacker could present an arbitrary untrusted certificate with malformed signatures, triggerin...
EulerOS Virtualization 2.10.1 : dhcp (EulerOS-SA-2023-1886)
According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance,...
SUSE CVE-2009-0049
Belgian eID middleware eidlib 2.6.0 and earlier does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...
SUSE CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
SUSE CVE-2022-38178
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
OESA-2022-1982 bind security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
OESA-2022-1981 bind security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
Oracle Linux 9 : bind (ELSA-2022-6763)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6763 advisory. - Fix possible serve-stale related crash CVE-2022-3080 - Fix memory leak in ECDSA verify processing CVE-2022-38177 Tenable has extracted the preceding...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
bind: memory leak in ECDSA DNSSEC verification code
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...
bind: memory leak in ECDSA DNSSEC verification code
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...
AZL-39989 CVE-2022-38178 affecting package dhcp for versions less than 4.4.3-2
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
DEBIAN-CVE-2022-38177
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...