Lucene search
K

4 matches found

AlpineLinux
AlpineLinux
added 2026/06/25 5:24 a.m.8 views

CVE-2026-12490

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:24 a.m.7 views

CVE-2026-12490

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 5:24 a.m.39 views

CVE-2026-12490 Bypass of client certificate verification with transfer over TLS

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...

8.2CVSS0.00139EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/05 9:7 p.m.3 views

bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable

It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones DLZs. An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the "allow-transfer" ACL...

5.3CVSS7.1AI score0.037EPSS
Exploits0References5
Rows per page
Query Builder