CVE-2026-12969

Dnsmasq has an out-of-bounds read in find_soa() (src/rfc1035.c) when parsing NS records; extract_name() is called with extrabytes=0 and does not validate that 10 extra bytes exist for fixed-length DNS fields. A remote attacker controlling a DNS zone could exploit a crafted NXDOMAIN response to pe...

hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

PT-2026-38485

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

RUSTSEC-2026-0120 NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...

CVE-2026-2013 itsourcecode Student Management System index.php sql injection

A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used...

MiracleLinux 4 : bind-dyndb-ldap-1.1.0-0.9.b1.0.2.AXS4 (AXSA:2012-800:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-800:03 advisory. This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP serve...

CVE-2010-0448

Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to obtain "unauthorized access to data" via unknown vectors...

CVE-2010-0450

Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote authenticated users to gain privileges via unknown vectors...

CVE-2010-0449

Cross-site scripting XSS vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2017-12759

Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution remote...

CVE-2019-2572

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware subcomponent: Fabric Layer. The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle SOA Suite. Successful...

Siemens Ruggedcom ROX Buffer Over-read (CVE-2020-22217)

Buffer overflow vulnerability in c-ares before 1161 thru 1170 via function aresparsesoareply in aresparsesoareply.c. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

EUVD-2016-4522

Malware in sbrugna...

EUVD-2018-14960

Malware in sbrugna...

EUVD-2010-0479

Malware in sbrugna...

EUVD-2017-18041

Malware in sbrugna...

EUVD-2019-12212

Malware in sbrugna...

EUVD-2010-1638

Malware in sbrugna...

EUVD-2017-1673

Malware in sbrugna...

EUVD-2017-18044

Malware in sbrugna...