Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dns library project dns library vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-17419
An issue exists in setTA in scan_rr.go in the Miek Gieben DNS library prior to 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service.
Dns Library Project Dns Library
9.8
CVSSv3
CVE-2020-11079
node-dns-sync (npm module dns-sync) up to and including 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
Node-dns-sync Project Node-dns-sync
9.8
CVSSv3
CVE-2017-12087
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this ...
Tinysvcmdns Project Tinysvcmdns 2016-07-18
7.5
CVSSv3
CVE-2017-12130
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger...
Tinysvcmdns Project Tinysvcmdns 2017-11-05
7.5
CVSSv3
CVE-2019-9747
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with...
Tinysvcmdns Project Tinysvcmdns
NA
CVE-2008-3657
The dl module in Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent malicious users to bypass safe levels and execute da...
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.8.0
1 EDB exploit
NA
CVE-2008-3655
Ruby 1.8.5 and previous versions, 1.8.6 up to and including 1.8.6-p286, 1.8.7 up to and including 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent malicious users to bypass...
Ruby-lang Ruby 1.8.1
Ruby-lang Ruby 1.8.2
Ruby-lang Ruby 1.8.3
Ruby-lang Ruby 1.8.4
Ruby-lang Ruby 1.8.5
Ruby-lang Ruby 1.8.6
Ruby-lang Ruby 1.8.7
Ruby-lang Ruby 1.6.8
Ruby-lang Ruby 1.9.0
Ruby-lang Ruby
Ruby-lang Ruby 1.8.0
2 EDB exploits
NA
CVE-2002-0029
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 up to and including 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote malicious users to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetb...
Isc Bind 4.9.2
Isc Bind 4.9.4
Isc Bind 4.9.10
Isc Bind 4.9.6
Isc Bind 4.9.7
Isc Bind 4.9.8
Isc Bind 4.9.9
Isc Bind 4.9.3
Isc Bind 4.9.5
Astaro Security Linux 2.0.23
Astaro Security Linux 2.0.25
Astaro Security Linux 2.0.26
Astaro Security Linux 2.0.27
Astaro Security Linux 2.0.30
Astaro Security Linux 3.2.0
Astaro Security Linux 3.2.10
Astaro Security Linux 2.0.24
Astaro Security Linux 3.2.11
1 Nmap script
5.6
CVSSv3
CVE-2021-3672
A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality ...
C-ares Project C-ares
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 7.7
Redhat Enterprise Linux 7.7
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Tus 8.4
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1
Redhat Enterprise Linux For Power Little Endian Eus 8.2
Redhat Enterprise Linux For Ibm Z Systems Eus 8.2
Redhat Enterprise Linux For Ibm Z Systems Eus 8.1
Redhat Enterprise Linux For Power Little Endian Eus 8.1
8.6
CVSSv3
CVE-2022-4904
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
C-ares Project C-ares
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Redhat Enterprise Linux 9.0
Fedoraproject Fedora 36
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »