Lucene search
K

16 matches found

Github Security Blog
Github Security Blog
added 2026/04/30 6:10 p.m.12 views

Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation

Summary The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL...

5.3AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/30 6:10 p.m.5 views

GHSA-83HF-93M4-RGWQ Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation

Summary The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL...

8.7CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.5 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.1AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/04/26 3:15 a.m.5 views

DEBIAN-CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.2AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/04/26 3:15 a.m.6 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/04/26 3:15 a.m.4 views

UBUNTU-CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.8AI score0.00162EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/26 2:38 a.m.6 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.2AI score0.00162EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/26 2:38 a.m.34 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/04/26 2:38 a.m.15 views

CVE-2026-42254

The CVE affects Hickory DNS hickory-recursor versions 0.1 through 0.25.2. The root cause is cross-zone poisoning caused by cached data not being directly associated with the query that triggered the response, enabling manipulation of cached responses. Impact is limited to information integrity in...

4CVSS5.2AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/26 2:38 a.m.7 views

EUVD-2026-25687

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.1AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/26 2:38 a.m.5 views

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.2AI score0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-42254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a respons...

4CVSS5.8AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35193

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

4CVSS5.2AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 12:0 p.m.6 views

RUSTSEC-2026-0106 Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation

The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...

5.7AI score
Exploits0References3
RustSec
RustSec
added 2026/04/22 12:0 p.m.10 views

Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation

The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...

5.7AI score
Exploits0
0day.today
0day.today
added 2016/01/28 12:0 a.m.64 views

Apple Mac OSX / iOS - Unsandboxable Kernel Use-After-Free in Mach Vouchers

Exploit for multiple platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=553 The mach voucher subsystem fails to correctly handle spoofed no-more-senders messages. ipckobjectserver will be called for mach messages sent to kernel-owned mach...

7.2CVSS8.3AI score0.00996EPSS
Exploits5
Rows per page
Query Builder