Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.18 views

CVE-2026-33190

A flaw was found in CoreDNS, a DNS server that chains plugins. An unauthenticated remote client can bypass TSIG Transaction Signature based authentication on non-plain-DNS transports such as DNS over TLS DoT, DNS over HTTPS DoH, DNS over HTTP/3 DoH3, DNS over QUIC DoQ, and gRPC. This bypass occur...

8.7CVSS5.5AI score0.00374EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/05 7:2 p.m.10 views

EUVD-2026-27444

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...

8.7CVSS5.8AI score0.00374EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/05/15 2:32 a.m.3 views

SUSE CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

7.5CVSS6.9AI score0.01078EPSS
Exploits0References3
OSV
OSV
added 2024/05/14 3:5 p.m.1 views

DEBIAN-CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

7.5CVSS5.3AI score0.01078EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/05/13 11:49 a.m.19 views

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

7.5CVSS7.4AI score0.01078EPSS
Exploits0
Rows per page
Query Builder