rpm package
opensuse/coredns&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/coredns&distro=openSUSE%20Leap%2015.6
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-51744 | Low | 3.1 | < 1.12.1-bp156.4.6.5 | 1.12.1-bp156.4.6.5 | Nov 4, 2024 | golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors r | |
| CVE-2023-30464 | — | < 1.11.3-bp156.4.3.1 | 1.11.3-bp156.4.3.1 | Sep 18, 2024 | CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. | ||
| CVE-2023-28452 | — | < 1.11.3-bp156.4.3.1 | 1.11.3-bp156.4.3.1 | Sep 18, 2024 | An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the | ||
| CVE-2024-0874 | Med | 5.3 | < 1.11.3-bp156.4.3.1 | 1.11.3-bp156.4.3.1 | Apr 25, 2024 | A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching. | |
| CVE-2024-22189 | Hig | 7.5 | < 1.11.3-bp156.4.3.1 | 1.11.3-bp156.4.3.1 | Apr 4, 2024 | quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame | |
| CVE-2022-28948 | — | < 1.11.3-bp156.4.3.1 | 1.11.3-bp156.4.3.1 | May 19, 2022 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | ||
| CVE-2022-27191 | — | < 1.11.3-bp156.4.3.1 | 1.11.3-bp156.4.3.1 | Mar 18, 2022 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. |
- affected < 1.12.1-bp156.4.6.5fixed 1.12.1-bp156.4.6.5
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors r
- CVE-2023-30464Sep 18, 2024affected < 1.11.3-bp156.4.3.1fixed 1.11.3-bp156.4.3.1
CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.
- CVE-2023-28452Sep 18, 2024affected < 1.11.3-bp156.4.3.1fixed 1.11.3-bp156.4.3.1
An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the
- affected < 1.11.3-bp156.4.3.1fixed 1.11.3-bp156.4.3.1
A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
- affected < 1.11.3-bp156.4.3.1fixed 1.11.3-bp156.4.3.1
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame
- CVE-2022-28948May 19, 2022affected < 1.11.3-bp156.4.3.1fixed 1.11.3-bp156.4.3.1
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
- CVE-2022-27191Mar 18, 2022affected < 1.11.3-bp156.4.3.1fixed 1.11.3-bp156.4.3.1
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.