234 matches found
OPENSUSE-SU-2026:20461-1 Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...
Linux Distros Unpatched Vulnerability : CVE-2026-24029
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skippe...
SUSE CVE-2026-24029
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
EUVD-2026-17403
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
UBUNTU-CVE-2026-24029
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
CVE-2026-24029
CVE-2026-24029 affects a DNS-over-HTTPS frontend using the nghttp2 provider. When the early_acl_drop (earlyACLDrop in Lua) option is disabled, the ACL check is skipped, permitting all clients to issue DoH queries regardless of the configured ACL. The default setting enables early_acl_drop, so the...
CVE-2026-24029 DNS over HTTPS ACL bypass
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
CVE-2026-24029
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
CVE-2026-24029
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
CVE-2026-24029 DNS over HTTPS ACL bypass
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
CVE-2026-24029
When the earlyacldrop earlyACLDrop in Lua option is disabled default is enabled on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL...
CVE-2026-32947
A flaw was found in Harden-Runner. A remote attacker with existing code execution within a GitHub Actions workflow could exploit a DNS over HTTPS DoH vulnerability to bypass network restrictions. This allows for the exfiltration of sensitive data by encoding it within DoH queries, which appear as...
CVE-2026-32947 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS DoH vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...
CVE-2026-32947 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS DoH vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...
EUVD-2026-13539
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS DoH vulnerability allows attackers to bypass egress-policy: block network restrictions by tunneling exfiltrated data through permitted HTTPS endpoints like...
CVE-2026-32947
Harden-Runner (CI/CD security agent for GitHub Actions runners) versions 2.15.1 and earlier are affected by a DNS over HTTPS (DoH) vulnerability that enables data exfiltration through permitted HTTPS endpoints by encoding data (e.g., hostname) in DoH subdomains. The attack requires the attacker t...
Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)
Summary A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS over HTTPS DoH. Harden-Runner secures GitHub Actions workflows on runners by applying network policies, including an allowed-endpoints configuration...
PT-2026-25988
Name of the Vulnerable Software and Affected Versions Harden-Runner versions 2.15.1 and below Description Harden-Runner, a CI/CD security agent functioning as an EDR for GitHub Actions runners, contains a DNS over HTTPS DoH issue. This allows attackers to circumvent network restrictions imposed b...
SUSE-SU-2026:0888-1 Security update for dnsdist
This update for dnsdist fixes the following issues: Update to dnsdist 1.9.11: - CVE-2025-8671: Add mitigations for the HTTP/2 MadeYouReset attack bsc1253852. - CVE-2025-30187: denial of service via crafted DoH exchange bsc1250054...
UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor
A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to...