Search CVE reports


Toggle filters

231 – 240 of 42899 results

Status is adjusted based on your filters.


CVE-2026-40012

Medium priority
Needs evaluation

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

1 affected package

pdns-recursor

Package 22.04 LTS
pdns-recursor Needs evaluation
Show less packages

CVE-2026-42004

Medium priority
Needs evaluation

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that...

1 affected package

dnsdist

Package 22.04 LTS
dnsdist Needs evaluation
Show less packages

CVE-2026-40211

Medium priority
Needs evaluation

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be...

1 affected package

dnsdist

Package 22.04 LTS
dnsdist Needs evaluation
Show less packages

CVE-2026-40210

Medium priority
Needs evaluation

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

1 affected package

dnsdist

Package 22.04 LTS
dnsdist Needs evaluation
Show less packages

CVE-2026-40209

Medium priority
Needs evaluation

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is...

1 affected package

dnsdist

Package 22.04 LTS
dnsdist Needs evaluation
Show less packages

CVE-2026-40208

Medium priority
Needs evaluation

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

1 affected package

dnsdist

Package 22.04 LTS
dnsdist Needs evaluation
Show less packages

CVE-2026-40011

Medium priority
Needs evaluation

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be...

1 affected package

dnsdist

Package 22.04 LTS
dnsdist Needs evaluation
Show less packages

CVE-2026-33612

Medium priority
Needs evaluation

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

1 affected package

pdns-recursor

Package 22.04 LTS
pdns-recursor Needs evaluation
Show less packages

CVE-2026-42005

Medium priority
Needs evaluation

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

3 affected packages

dnsdist, pdns, pdns-recursor

Package 22.04 LTS
dnsdist Needs evaluation
pdns Needs evaluation
pdns-recursor Needs evaluation
Show less packages

CVE-2026-56130

Medium priority
Needs evaluation

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache...

1 affected package

shiro

Package 22.04 LTS
shiro Needs evaluation
Show less packages