CVE-2025-58148

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...

CLSA-2025-1761849390 Fix CVE(s): CVE-2022-47695

SECURITY UPDATE: denial of service via bfdmachogetsyntheticsymtab in match-o.c - debian/patches/CVE-2022-47695.patch: Fix segmentation fault in comparesymbols function by excluding section and synthetic symbols before checking symbol flags - CVE-2022-47695...

EUVD-2022-54558

In the Linux kernel, the following vulnerability has been resolved: tick/nohz: unexport init-annotated ticknohzfullsetup EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to ...

Possible domain hijacking via promiscuous records in the authority section

...

FreeBSD : unbound -- Possible domain hijacking via promiscuous records in the authority section (ea1c485f-b025-11f0-bce7-bc2411002f50)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea1c485f-b025-11f0-bce7-bc2411002f50 advisory. [email protected] reports: NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possib...

CVE-2025-40778 Cache poisoning attacks with unsolicited RRs

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...

CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section

NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...

CVE-2025-11411

Summary: CVE-2025-11411 affects NLnet Labs Unbound up to and including 1.24.1, enabling possible domain hijack via promiscuous NS RRSets injected in DNS responses. The root issue is that NS RRSets in replies could be trusted for delegation updates, allowing a malicious actor to poison caches. The...

unbound -- Possible domain hijacking via promiscuous records in the authority section

[email protected] reports: NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987517)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987517 advisory. In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport init-annotated xfrm4protocolinit EXPORTSYMBOL and init is a bad combination...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the elfx8664relocatesection function. An attacker can cause a heap-based buffer overflow by providing specially crafted input files during the linking process. Remediation A fix was pushed into the master...

CVE-2025-11495

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elfx8664relocatesection of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

UBUNTU-CVE-2025-11495

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elfx8664relocatesection of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclos...

CVE-2025-11495

CVE-2025-11495 affects GNU Binutils 2.45. The vulnerable element is the linker’s elf_x86_64_relocate_section function in elf64-x86-64.c, where manipulation can cause a heap-based buffer overflow. Impact is local, with publicly disclosed exploit. A patch is available (patch name: 6b21c8b2ecfef5c95...

EUVD-2007-0388

Malware in sbrugna...

EUVD-2016-5997

Malware in sbrugna...

EUVD-2008-5315

Malware in sbrugna...

EUVD-2008-6992

Malware in sbrugna...

EUVD-2020-2845

Malware in sbrugna...