29 matches found

Vulnrichment
added 2024/02/14 4:30 p.m. | 11 views

CVE-2024-21763 BIG-IP AFM vulnerability

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 | AI score 6.8 | EPSS 0.00362
Exploits: 0 | References: 1

Cvelist
added 2024/02/14 4:30 p.m. | 15 views

CVE-2024-21763 BIG-IP AFM vulnerability

When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 7.5 | AI score 7.7 | EPSS 0.00362
Exploits: 0 | References: 1

Tenable Nessus
added 2024/02/14 12:0 a.m. | 19 views

F5 Networks BIG-IP : BIG-IP AFM vulnerability (K000137521)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137521 advisory. When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queri...

CVSS 7.5 | AI score 7.4 | EPSS 0.00362
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/14 12:0 a.m. | 9 views

FreeBSD : zeek -- potential DoS vulnerabilities (96d6809a-81df-46d4-87ed-2f78c79f06b1)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 96d6809a-81df-46d4-87ed-2f78c79f06b1 advisory. - Tim Wojtulewicz of Corelight reports: Receiving DNS responses from async DNS requests via A...

AI score 5.8
Exploits: 0 | References: 2

F5 Networks
added 2023/02/21 7:38 p.m. | 45 views

K17025: BIND DNSSEC vulnerability CVE-2010-0097

Security Advisory Description: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records. (CVE-2010-0097) Impact: Remote attackers may be able to add the Authenticated Data (AD) flag to a forg...

CVSS 4.3 | AI score 7.6 | EPSS 0.02817
Exploits: 0 | Affected Software: 1

F5 Networks
added 2023/02/21 7:26 p.m. | 297 views

K23022557: The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query of a certain type on a CNAME wide IP

Security Advisory Description: The BIG-IP system may respond with the NXDOMAIN status when it receives a DNS query on a CNAME wide IP. This issue occurs when all of the following conditions are met: The BIG-IP system is configured with a CNAME wide IP. For example: test.example.com. The BIG-IP syst...

CVSS 5.3 | AI score 6.1 | EPSS 0.00821
Exploits: 1

RedhatCVE
added 2022/05/21 12:17 a.m. | 44 views

CVE-2019-10190

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of...

CVSS 7.5 | AI score 5.2 | EPSS 0.00262
Exploits: 0 | References: 1

OpenVAS
added 2021/11/16 12:0 a.m. | 19 views

ISC BIND DoS Vulnerability (CVE-2011-1907)

ISC BIND is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS 5 | AI score 6.9 | EPSS 0.22416
Exploits: 1 | References: 1

Veracode
added 2020/08/06 9:39 p.m. | 36 views

Validation Bypass

PowerDNS Recursor is vulnerable to a validation bypass. The answer section of an NXDOMAIN response lacking an SOA is not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

CVSS 7.5 | AI score 4.8 | EPSS 0.00061
Exploits: 0 | References: 8 | Affected Software: 1

Debian
added 2020/05/21 9:21 p.m. | 69 views

[SECURITY] [DSA 4691-1] pdns-recursor security update

Debian Security Advisory DSA-4691-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2020 https://www.debian.org/security/faq -...

CVSS 7.5 | AI score 7.6 | EPSS 0.00179
Exploits: 0

OSV
added 2020/05/19 2:15 p.m. | 29 views

CVE-2020-12244

An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 6

Hacker One
added 2020/04/24 9:0 p.m. | 126 views

Open-Xchange: Recursor accepts unsigned, empty NXDOMAINs in secure zones

Hi! This is a slightly edited version of the email I sent to the project's security contacts on 2020-04-21. Open-Xchange confirmed it and asked me to resubmit it here. --- Subject: Recursor may be accepting unsigned, empty NXDOMAINs in secure zones I can easily reproduce this against Cloudflare's...

CVSS 5 | AI score 0.3 | EPSS 0.00061
Exploits: 0

Kitploit
added 2020/02/16 8:30 p.m. | 82 views

Syborg - Recursive DNS Subdomain Enumerator With Dead-End Avoidance System

Syborg is a Recursive DNS Domain Enumerator which is neither active nor completely passive. This tool simply constructs a domain name and queries it with a specified DNS Server. Syborg has a Dead-end Avoidance system inspired from @Tomnomnom's ettu. When you run subdomain enumeration with some of...

AI score 7
Exploits: 0 | References: 6

Tenable Nessus
added 2019/11/08 12:0 a.m. | 22 views

EulerOS 2.0 SP5 : unbound (EulerOS-SA-2019-2194)

According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could b...

CVSS 5.3 | AI score 6.2 | EPSS 0.00686
Exploits: 0 | References: 2

OSV
added 2019/07/16 6:15 p.m. | 31 views

CVE-2019-10190

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of...

CVSS 7.5 | AI score 7.5 | EPSS 0.00257
Exploits: 0 | References: 5

Prion
added 2019/07/16 6:15 p.m. | 18 views

Input validation

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of...

CVSS 5 | AI score 7.4 | EPSS 0.00262
Exploits: 0 | References: 4 | Affected Software: 2

OpenVAS
added 2019/04/30 12:0 a.m. | 40 views

ISC BIND DoS Vulnerability (CVE-2019-6467) - Linux

ISC BIND is prone to a denial of service vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you c...

CVSS 7.5 | AI score 7.4 | EPSS 0.17224
Exploits: 0 | References: 1

Cvelist
added 2019/01/16 8:0 p.m. | 16 views

CVE-2016-9778 An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met...

CVSS 7.5 | AI score 7.2 | EPSS 0.0542
Exploits: 0 | References: 5

Tenable Nessus
added 2019/01/03 12:0 a.m. | 18 views

Fedora 28 : knot-resolver (2018-389bc4e911)

Knot Resolver 2.3.0 (2018-04-23). Security: fix CVE-2018-1110: denial of service triggered by malformed DNS messages (!550, !558, security!2, security!4); increase resilience against slow lorris attack (security!5). Bugfixes: validation: fix SERVFAIL ...

CVSS 7.5 | AI score 7.2 | EPSS 0.00499
Exploits: 0 | References: 2

myhack58
added 2018/09/20 12:0 a.m. | 529 views

See how I found a Starbucks subdomain hijacking vulnerability

Recently, I seem to have been brought together with Starbucks by chance: I discovered two of its subdomain hijacking vulnerabilities in succession and won $4000. The first vulnerability was discovered through Microsoft's Azure cloud service, and this second vulnerability is also very...

AI score 0.4
Exploits: 0