Lucene search
K

4824 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 8:41 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Use of Cache Containing Sensitive Information (CVE-2026-22741)

Summary There are vulnerabilities in spring-webmvc-6.2.17.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22741. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache...

3.1CVSS5.3AI score0.00236EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/15 3:16 p.m.4 views

GHSA-RGJC-H3X7-9MWG Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

8.6CVSS5.5AI score0.00179EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 3:16 p.m.10 views

Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

8.6CVSS5.4AI score0.00179EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.12 views

CVE-2026-47691

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS4.9AI score0.00292EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

10CVSS6.7AI score0.01272EPSS
Exploits0References34
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.24 views

CVE-2026-45673

A flaw was found in Netty's DNS resolver component. This vulnerability arises from the use of a predictable pseudo-random number generator PRNG for DNS transaction IDs and a static User Datagram Protocol UDP source port. This combination significantly reduces the randomness of DNS queries, making...

6.8CVSS4.9AI score0.00256EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 4:16 p.m.26 views

CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

10CVSS0.00292EPSS
Exploits0References10
OSV
OSV
added 2026/06/12 4:16 p.m.5 views

UBUNTU-CVE-2026-47691

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

10CVSS5.4AI score0.00292EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 3:16 p.m.19 views

CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS0.00256EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 3:16 p.m.6 views

UBUNTU-CVE-2026-45673

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 2:33 p.m.9 views

EUVD-2026-36489

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7CVSS5.3AI score0.00292EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 2:33 p.m.30 views

CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7CVSS0.00292EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:33 p.m.10 views

CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7CVSS5.3AI score0.00292EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:33 p.m.261 views

CVE-2026-47691

CVE-2026-47691 affects Netty up to versions 4.1.135.Final and 4.2.15.Final. The issue is in DnsResolveContext bailiwick validation for NS records, where an attacker controlling an authoritative subdomain server can poison the cache for parent domains (e.g., .co.uk). The code path in Authoritative...

10CVSS5.2AI score0.00292EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2026/06/12 2:17 p.m.31 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS0.00224EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:17 p.m.61 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00224EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:17 p.m.248 views

CVE-2026-45674

CVE-2026-45674 affects Netty DNS resolution: the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Affected versions are 4.1.135.Final and 4.2.15.Final; the issue is patched in those same versions. Potential impact is DNS cache poisoning via missing bai...

10CVSS5.2AI score0.00224EPSS
Exploits0References10Affected Software1
EUVD
EUVD
added 2026/06/12 2:16 p.m.10 views

EUVD-2026-36445

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:16 p.m.9 views

CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3
CVE
CVE
added 2026/06/12 2:16 p.m.44 views

CVE-2026-45673

Technical details are not publicly provided in the supplied connected documents. Monitor for updates on the Netty DNS-related vulnerability (CVE-2026-45673) and any published remediation.

6.8CVSS5.2AI score0.00256EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder