CVE-2023-28451

An issue was discovered in Technitium 11.0.2. There is a vulnerability called BadDNS in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS denial of service for normal resolution. The effects of an exploit would be widespread and highly impactful, becaus...

CVE-2023-28452

An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a...

postgresql security update

13.16-1.0.1 - Remove non ASCII character from changelog date 13.16-1 - Update to 13.16 13.14-2 - Remove /var/run/postgresql - Related: RHEL-25756 13.14-1 - Update to 13.14 - Fix CVE-2024-0985 13.13-1 - Update to 13.13 - Fixes CVE-2023-5868, CVE-2023-5869, CVE-2023-5870, and CVE-2023-39417 -...

CVE-2024-41040 net/sched: Fix UAF when resolving a clash

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcfctflowtableprocessconn+0x12b/0x380 actct Read of size 1 at addr ffff888c07603600 by task handler130/6469 Call Trace:...

Amazon Linux 2 : unbound (ALASUNBOUND-2024-002)

The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-002 advisory. A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to...

RHEL 4 : bind (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - bind: deleted domain name resolving flaw CVE-2012-1033 - bind: malformed signature records for DNAME...

Domainim - A Fast And Comprehensive Tool For Organizational Network Scanning

Domainim is a fast domain reconnaissance tool for organizational network scanning. The tool aims to provide a brief overview of an organization's structure using techniques like OSINT, bruteforcing, DNS resolving etc. Features Current features v1.0.1- - Subdomain enumeration 2 engines +...

CVE-2021-47525

In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix use-after-free and memleak on unbind Deregister the port when unbinding the driver to prevent it from being used after releasing the driver data and leaking memory allocated by serial core...

CVE-2024-35878

CVE-2024-35878 : The connected documentation provides concrete details—this Linux kernel vulnerability concerns a NULL pointer dereference in vsnprintf() triggered by improper handling of the str/len parameters in of_modalias(). The issue could oops when a NULL pointer is passed unless length is ...

CVE-2024-35869

In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon-ses are also...

WordPress Tutor LMS Plugin <= 2.7.0 is vulnerable to Broken Access Control

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.0 Fixed in 2.7.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-4223 Patch priority High CVSS severity High 8.6 Developer Claim ownership PSID 86348e33f1ae Credits villu164 Required privilege...

GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-1603)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-48696 regmap: spi: Reserve space for register address/padding

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

CVE-2024-26970

CVE-2024-26970 affects the Linux kernel clock driver for Qualcomm IPQ6018 (clk: qcom: gcc-ipq6018). Root cause: frequency table arrays lacked a terminating empty element, risking out-of-bounds access when traversed by qcom_find_freq() or qcom_find_freq_floor(). Mitigation: patch adds an empty ter...

[SECURITY] Fedora 40 Update: xmvn-4.2.0-8.fc40

This package provides extensions for Apache Maven that can be used to manage system artifact repository and use it to resolve Maven artifacts in offline mode, as well as Maven plugins to help with creating RPM packages containing Maven artifacts...

WordPress Nextend Facebook Connect Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)

Software Nextend Facebook Connect Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1775 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 6fbf027206e8 Credits Tobias...

CentOS 9 : unbound-1.16.2-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the unbound-1.16.2-3.el9 build changelog. - A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The...

Amazon Linux 2 : unbound (ALAS-2024-2467)

The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2467 advisory. A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software...

Medium: unbound

Issue Overview: A vulnerability named 'Non-Responsive Delegation Attack' NRDelegation Attack has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by queryin...