Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

dns library project dns library vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2018-17419
An issue exists in setTA in scan_rr.go in the Miek Gieben DNS library prior to 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.
Dns Library Project Dns Library
7.5
CVSSv2
CVE-2020-11079
node-dns-sync (npm module dns-sync) up to and including 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
Node-dns-sync Project Node-dns-sync
7.5
CVSSv2
CVE-2017-12087
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this ...
Tinysvcmdns Project Tinysvcmdns 2016-07-18
5
CVSSv2
CVE-2017-12130
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger...
Tinysvcmdns Project Tinysvcmdns 2017-11-05
5
CVSSv2
CVE-2019-9747
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with...
Tinysvcmdns Project Tinysvcmdns
7.5
CVSSv2
CVE-2008-3657
The dl module in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent malicious users to bypass safe levels and execute da...
Ruby-lang Ruby 1.8.2Ruby-lang Ruby 1.8.4Ruby-lang Ruby 1.8.6Ruby-lang Ruby 1.8.7Ruby-lang Ruby 1.8.5Ruby-lang Ruby 1.8.1Ruby-lang Ruby 1.8.3Ruby-lang Ruby 1.9.0Ruby-lang RubyRuby-lang Ruby 1.6.8Ruby-lang Ruby 1.8.0
7.5
CVSSv2
CVE-2008-3655
Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent malicious users to bypass...
Ruby-lang Ruby 1.8.1Ruby-lang Ruby 1.8.2Ruby-lang Ruby 1.8.3Ruby-lang Ruby 1.8.4Ruby-lang Ruby 1.8.5Ruby-lang Ruby 1.8.6Ruby-lang Ruby 1.8.7Ruby-lang Ruby 1.6.8Ruby-lang Ruby 1.9.0Ruby-lang RubyRuby-lang Ruby 1.8.0
7.5
CVSSv2
CVE-2002-0029
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 up to and including 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote malicious users to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetb...
Isc Bind 4.9.2Isc Bind 4.9.4Isc Bind 4.9.10Isc Bind 4.9.6Isc Bind 4.9.7Isc Bind 4.9.8Isc Bind 4.9.9Isc Bind 4.9.3Isc Bind 4.9.5Astaro Security Linux 2.0.23Astaro Security Linux 2.0.25Astaro Security Linux 2.0.26Astaro Security Linux 2.0.27Astaro Security Linux 2.0.30Astaro Security Linux 3.2.0Astaro Security Linux 3.2.10Astaro Security Linux 2.0.24Astaro Security Linux 3.2.11
6.8
CVSSv2
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality ...
C-ares Project C-aresFedoraproject Fedora 33Fedoraproject Fedora 34Redhat Enterprise Linux 7.0Redhat Enterprise Linux 8.0Redhat Enterprise Linux Eus 7.7Redhat Enterprise Linux 7.7Redhat Enterprise Linux Eus 8.1Redhat Enterprise Linux Eus 8.2Redhat Enterprise Linux Server Tus 8.2Redhat Enterprise Linux Server Aus 8.2Redhat Enterprise Linux Tus 8.4Redhat Enterprise Linux Server Tus 8.4Redhat Enterprise Linux Eus 8.4Redhat Enterprise Linux Server Aus 8.4Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1Redhat Enterprise Linux For Power Little Endian Eus 8.2Redhat Enterprise Linux For Ibm Z Systems Eus 8.2Redhat Enterprise Linux For Ibm Z Systems Eus 8.1Redhat Enterprise Linux For Power Little Endian Eus 8.1
NA
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
C-ares Project C-aresRedhat Enterprise Linux 8.0Redhat Software Collections -Redhat Enterprise Linux 9.0Fedoraproject Fedora 36
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook