Search CVE reports
271 – 280 of 42294 results
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly...
1 affected package
ruby-nokogiri
| Package | 20.04 LTS |
|---|---|
| ruby-nokogiri | Needs evaluation |
Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
Incomplete validation of the SOA record present in a catalog zone might lead to a crash.
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
1 affected package
pdns-recursor
| Package | 20.04 LTS |
|---|---|
| pdns-recursor | Needs evaluation |
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that...
1 affected package
dnsdist
| Package | 20.04 LTS |
|---|---|
| dnsdist | Needs evaluation |
An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be...
1 affected package
dnsdist
| Package | 20.04 LTS |
|---|---|
| dnsdist | Needs evaluation |
An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.
1 affected package
dnsdist
| Package | 20.04 LTS |
|---|---|
| dnsdist | Needs evaluation |