4 matches found
ALPINE-CVE-2026-12490
When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port and not the tls-auth-port or over over TCP over the regular...
PT-2026-52212
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where a secondary requesting a transfer does not need to provide a client certificate when the request is made over TLS via the regular tls-port...
CVE-2025-57247
The BATBToken smart contract address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a contains incorrect access control implementation in whitelist management functions. The setColdWhiteList and setSpecialAddress functions in the base ERC20 contract are declare...
bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable
It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones DLZs. An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the "allow-transfer" ACL...