coredns-fips-1.11

Direct Vulnerabilities

Known vulnerabilities in the coredns-fips-1.11 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GO-2026-5932

*
  • L
CVE-2026-39822

*
  • L
CVE-2026-42505

*
  • L
Uncontrolled Memory Allocation

*
  • H
Untrusted Search Path

*
  • L
Untrusted Search Path

*
  • L
GHSA-xmrv-pmrh-hhx2

*
  • L
Deserialization of Untrusted Data

*
  • L
Improper Restriction of Rendered UI Layers or Frames

*
  • L
Improper Restriction of Rendered UI Layers or Frames

*
  • L
Improper Verification of Cryptographic Signature

*
  • L
CVE-2026-42504

*
  • M
Use of a Broken or Risky Cryptographic Algorithm

*
  • M
CVE-2025-47911

*
  • L
Missing Authorization

*
  • M
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
Improper Restriction of Rendered UI Layers or Frames

*
  • L
Improper Certificate Validation

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • L
CVE-2026-46598

*
  • L
Missing Authorization

*
  • L
CVE-2026-42507

*
  • L
Improper Enforcement of Message Integrity During Transmission in a Communication Channel

*
  • L
CVE-2026-39824

*
  • L
Cross-site Scripting (XSS)

*
  • L
Improper Certificate Validation

*
  • L
Use of a Broken or Risky Cryptographic Algorithm

*
  • L
CVE-2026-27145

*
  • L
Incorrect Type Conversion or Cast

*
  • L
Improper Certificate Validation

*
  • L
CVE-2024-45338

*
  • L
Integer Overflow or Wraparound

*
  • L
Out-of-Bounds

*
  • L
Resource Exhaustion

*
  • L
CVE-2026-46595

*
  • L
CVE-2026-39821

*
  • L
Reachable Assertion

*
  • H
NULL Pointer Dereference

*
  • M
Out-of-bounds Write

*
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

*
  • L
CVE-2026-42499

*
  • L
CVE-2026-39825

*
  • L
Cross-site Scripting (XSS)

*
  • M
Link Following

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • L
Improper Encoding or Escaping of Output

*
  • L
CVE-2026-42501

*
  • H
Double Free

*
  • C
Improper Authentication

*
  • H
Incorrect Authorization

*
  • H
Incorrect Implementation of Authentication Algorithm

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • H
Resource Exhaustion

*
  • C
CVE-2026-27143

<1.11.4-r3
  • H
Access of Resource Using Incompatible Type ('Type Confusion')

<1.11.4-r3
  • H
Allocation of Resources Without Limits or Throttling

<1.11.4-r3
  • H
Improper Certificate Validation

<1.11.4-r3
  • M
Link Following

<1.11.4-r3
  • H
Incorrect Authorization

<1.11.4-r3
  • M
Allocation of Resources Without Limits or Throttling

<1.11.4-r3
  • L
CVE-2026-32280

<1.11.4-r3
  • H
Improper Certificate Validation

<1.11.4-r3
  • M
Cross-site Scripting (XSS)

<1.11.4-r3
  • L
Improper Authorization

*
  • L
Direct Request ('Forced Browsing')

<1.11.4-r2
  • L
Cross-site Scripting (XSS)

<1.11.4-r2
  • L
Directory Traversal

<1.11.4-r2
  • L
Predictable Seed in PRNG

*
  • M
Time-of-check Time-of-use (TOCTOU)

*
  • L
CVE-2025-61732

*
  • C
CVE-2025-68121

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
Reachable Assertion

*
  • L
Insufficient Verification of Data Authenticity

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
CVE-2025-22870

*
  • L
Asymmetric Resource Consumption (Amplification)

*
  • H
Allocation of Resources Without Limits or Throttling

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
CVE-2024-45337

*
  • L
Incorrect Conversion between Numeric Types

*
  • L
CVE-2025-47914

*
  • L
Allocation of Resources Without Limits or Throttling

*
  • L
CVE-2025-58181

*
  • L
CVE-2025-22868

*
  • L
CVE-2025-22872

*
  • L
CVE-2025-22869

*