Search CVE reports
61 – 70 of 50086 results
NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other...
1 affected package
unbound
| Package | 16.04 LTS |
|---|---|
| unbound | Needs evaluation |
Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Not affected |
| isc-dhcp | Not affected |
| bind9-libs | — |
Amplification vulnerabilities via self-pointed glue records
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Not affected |
| bind9-libs | — |
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and...
1 affected package
unbound
| Package | 16.04 LTS |
|---|---|
| unbound | Needs evaluation |
NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading...
1 affected package
unbound
| Package | 16.04 LTS |
|---|---|
| unbound | Needs evaluation |
BIND 9 server memory exhaustion during GSS-API TKEY negotiation
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 16.04 LTS |
|---|---|
| bind9 | Needs evaluation |
| isc-dhcp | Not affected |
| bind9-libs | — |
An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink...
1 affected package
rsync
| Package | 16.04 LTS |
|---|---|
| rsync | Needs evaluation |
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For...
1 affected package
libtemplate-perl
| Package | 16.04 LTS |
|---|---|
| libtemplate-perl | Needs evaluation |
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via...
1 affected package
xen
| Package | 16.04 LTS |
|---|---|
| xen | Needs evaluation |
Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing...
1 affected package
xen
| Package | 16.04 LTS |
|---|---|
| xen | Needs evaluation |