22 matches found
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2026-1301)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2026-2966
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS...
CVE-2026-2966
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values
A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...
CVE-2022-33988
dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...
EUVD-2007-3144
Malware in sbrugna...
EUVD-2025-21730
Malicious code in bioql PyPI...
EUVD-2022-37021
Malicious code in bioql PyPI...
unbound: Unbound Cache poisoning
A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet ECS must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS...
CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...
CVE-2025-5994
CVE-2025-5994 describes a rebirthday cache-poisoning risk in ECS-enabled caching resolvers. Affected product: Unbound (if built with ECS support and configured to send ECS data upstream). Root cause: need to segregate outgoing queries by ECS info; otherwise an attacker could exploit DNS transacti...
CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...
CVE-2025-5994
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...
unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack
[email protected] reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information...
CVE-2021-25677
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions = V0.5.0.0 V1.0.0.0, TALON TC Compact BACnet All versions V3.5.5, TALON TC Modular BACnet All versions V3.5.5. The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the D...
Code injection
dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...
CVE-2022-33988
dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...
uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID
Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environmen...
Design/Logic Flaw
uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...