Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP6 package coredns, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2023-30464 — CVSS 7.5 (high): CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.
CVE-2022-28948 — CVSS 7.5 (high): An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVE-2023-28452 — CVSS 7.5 (high): An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore…
CVE-2022-27191 — CVSS 7.5 (high): The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain…
CVE-2024-22189 — CVSS 7.5 (high): quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory…
CVE-2024-0874 — CVSS 5.3 (medium): A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.
CVE-2024-51744 — CVSS 3.1 (low): golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to…