26 matches found
GHSA-J6FM-9RFM-J5HX Froxlor has an incomplete fix for CVE-2026-30932
Summary The LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping. Affected Package - Ecosystem: Other - Package: froxlor - Affected versions: a...
EUVD-2020-4559
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-12244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly...
Debian: Security Advisory (DLA-798-1)
The remote host is missing an update for the Debian...
Couchbase Server Log Information Disclosure Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server version 7.x up to and including 7.0.4, which stems from a field na...
SUSE-SU-2022:0429-1 Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3)
This update for the Linux Kernel 5.3.18-1503005946 fixes one issue. The following security issue was fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input bsc1195308...
CVE-2020-15106
CVE-2020-15106 affects etcd prior to versions 3.3.23 and 3.4.10. A large slice is stored in the WAL file length field with no further validation, enabling forging an extremely large frame size that can cause a panic when RAFT participants decode the WAL. Public details come from multiple sources ...
CVE-2017-15105
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof...
UBUNTU-CVE-2017-6468
In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records...
[SECURITY] [DSA 3764-1] pdns security update
Debian Security Advisory DSA-3764-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 13, 2017 https://www.debian.org/security/faq -...
Veris: Security Vulnerability - SMTP protection not used
Hi, I'm checking your website found SPF record there. You should apply strict SMTP policy to stop spoofed email sending from your domain. An attacker would send a Fake email from [email protected] saying that Please change your password, The victim is aware of phishing attacks, But when he sees...
LibSPF2 < 1.2.8 DNS TXT Record Parsing Bug Heap Overflow PoC
No description provided by source. Advisory: DNS TXT Record Parsing Bug in LibSPF2 Author: Dan Kaminsky, Director of Penetration Testing, IOActive Inc, [email protected] PGP Key In Appendix Abstract: A relatively common bug parsing TXT records delivered over DNS, dating at least back to...
Design/Logic Flaw
Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)...
Input validation
Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record structures during parsing of Excel...
CVE-2011-1272
Summary (CVE-2011-1272): This vulnerability affects Microsoft Excel and related components (Excel 2002 SP3, 2003 SP3, 2007 SP2; Office 2004/2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack SP2) and is caused by improper validation of record struct...
Design/Logic Flaw
Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array...
CVE-2010-3237
CVE-2010-3237 is a vulnerability in Microsoft Excel (affecting Excel 2002 SP3 and Office for Mac 2004) where parsing of the Merge Cell record can be exploited to execute arbitrary code. The root cause is improper handling/validation of Merge Cell Records in Excel file formats, enabling remote cod...
CVE-2010-3240
CVE-2010-3240 describes a remote code execution vulnerability in Microsoft Office Excel and related components (Excel 2002 SP3, Excel 2007 SP2, Excel Viewer SP2, and Office Compatibility Pack SP2) caused by an error in parsing Real Time Data Array records. An attacker could exploit this by convin...
Microsoft Excel Formula BIFF Record Parsing Memory Corruption (MS10-080; CVE-2010-3231)
Microsoft Excel is a popular spreadsheet application. A memory corruption vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly validate record information upon opening a specially crafted Excel file. A remote...
Microsoft Excel Extra Out of Boundary Record Parsing Code Execution (MS10-080; CVE-2010-3239)
Microsoft Excel is a popular spreadsheet application. A memory corruption vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly validate record information upon opening a specially crafted Excel file. A remote...