CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

EUVD-2026-34155

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version unbound 1.22.0, aiding targeted attacks against known vulnerabilities...

Important: docker

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

PT-2026-42155

Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.48 BIND versions 9.20.0 through 9.20.22 BIND versions 9.21.0 through 9.21.21 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.48-S1 BIND...

OESA-2026-2058 bind security update

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Linux Distros Unpatched Vulnerability : CVE-2026-32945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS...

bind: Cache poisoning attacks with unsolicited RRs

A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records RRs in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache...

[SECURITY] Fedora 42 Update: unbound-1.24.1-1.fc42

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

com.netki:wallet-name-resolver (>=0.0.2 <=0.1.3), org.id4me:relying-party-api (>=1.0 <=2.19) potentially affected by CVE-2023-50387 via org.jitsi:dnssecjava (>=1.0 <=2.0.0)

org.jitsi:dnssecjava MAVEN version =1.0, =0.0.2, =1.0, =2.19 Source cves: CVE-2023-50387 Source advisory: OSV:GHSA-CRJG-W57M-RQQF...

com.netki:wallet-name-resolver (>=0.0.2 <=0.1.3), org.id4me:relying-party-api (>=1.0 <=2.19) potentially affected by CVE-2023-50868 via org.jitsi:dnssecjava (>=1.0 <=2.0.0)

org.jitsi:dnssecjava MAVEN version =1.0, =0.0.2, =1.0, =2.19 Source cves: CVE-2023-50868 Source advisory: OSV:GHSA-MMWX-RJ87-VFGR...

CVE-2023-6516

A flaw was found in the named application, part of the bind9 package, which uses a cache database to speeds up DNS queries. To maintain its efficiency when running as a recursive name resolver, named performs a cache database clean up under certain conditions. This issue may allow an attacker to...

avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames

A flaw was found in avahi. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is...

Debian: Security Advisory (DLA-3567-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-3471-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 3471-1] c-ares security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3471-1 [email protected] https://www.debian.org/lts/security/ Anton Gladky June 26, 2023 https://wiki.debian.org/LTS -...

Debian: Security Advisory (DSA-5419-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2021-3502

A flaw was found in avahi 0.8-5. A reachable assertion is present in avahishostnameresolverstart function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this...

CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

The vulnerability of the avahi_s_host_name_resolver_start function in the Avahi service discovery system in local networks allows a attacker to trigger a service failure. This vulnerability is related to pointer arithmetic errors.

The vulnerability of the avahishostnameresolverstart function in the Avahi service discovery system in local networks is related to pointer arithmetic errors. Exploiting this vulnerability can allow attackers to cause service failures...