CVE-2026-44608

A flaw was found in Unbound. When operating in a multi-threaded configuration with specific Response Policy Zones RPZ using 'rpz-nsip' or 'rpz-nsdname' triggers, a locking inconsistency during an RPZ zone transfer XFR reload can occur. This timing issue may allow an adversary to trigger a heap...

PT-2026-34634

Froxlor is open source server administration software. Prior to version 2.3.6, DomainZones::add accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in the content field. When a DNS type not covered by the if/elseif validation chain is submitted e.g.,...

Arbitrary Code Injection

froxlor/froxlor is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper validation of DNS record content in the DomainZones.add endpoint, which allows an attacker to inject malicious directives into zone files and manipulate DNS configuration...

[SECURITY] [DSA 6134-1] pdns-recursor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6134-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 13, 2026 https://www.debian.org/security/faq -...

EUVD-2022-54529

In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefsiomapbegin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent an IO, but the iomap...

EUVD-2011-4959

Malware in sbrugna...

CVE-2022-49706

In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefsiomapbegin for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent an IO, but the iomap...

SUSE CVE-2009-1713

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read 1 arbitrary local files and 2 files from different security zones via unspecified vectors...

SUSE CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

SUSE-SU-2022:0675-1 Security update for ldns

This update for ldns fixes the following issues: - CVE-2020-19860: Fixed heap-based out of bounds read when verifying a zone file bsc1195057. - CVE-2020-19861: Fixed heap-based out of bounds read in ldnsnsec3saltdata bsc1195058...

SUSE: Security Advisory (SUSE-SU-2012:0055-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

F5 Networks BIG-IP : BIND vulnerability (K19807532)

"The asterisk character '' is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a terminal node. A problem can occu...

Ubuntu 20.04 LTS : Bind vulnerabilities (USN-4399-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4399-1 advisory. It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to...

USN-4399-1: Bind vulnerabilities

It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. CVE-2020-8618 It was discovered that Bind incorrectly handled certain asterisk characters in zone files....

Information Disclosure

java is vulnerable to information disclosure. The vulnerability exists as an information leak was found in the way the TimeZone.getTimeZone method was handled. This method could load time zone files that are outside of the JREHOME/lib/zi/ directory, allowing a remote attacker to probe the local...

Global Internet Authority ICANN Has Been Hacked

The Internet Corporation for Assigned Names and Numbers ICANN has been hacked by unknown attackers that allowed them to gain administrative access to some of the organization's systems, the organization confirmed. The attackers used "spear phishing" campaign to target sensitive systems operated b...

Attackers Compromise ICANN, Zone Files System

Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names. The attack apparently took place in November and ICANN...

openSUSE Security Update : glibc (openSUSE-SU-2012:0064-1)

Specially crafted time zone files could cause a heap overflow in glibc CVE-2009-5029. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update glibc-5554. The text description of this plugin is C SUSE...

CentOS 5 : java-1.6.0-openjdk (CESA-2009:1584)

Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJD...

CVE-2011-5056

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service CPU consumption via crafted records in zone files, a different vulnerability than...