Lucene search
K

22 matches found

OpenVAS
OpenVAS
added 2026/03/16 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2026-1301)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.2AI score0.00681EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-2966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS...

6.3CVSS5.2AI score0.0038EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/23 2:2 a.m.5 views

CVE-2026-2966

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS4.7AI score0.0038EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/23 2:2 a.m.29 views

CVE-2026-2966 Cesanta Mongoose DNS Transaction ID dns.c mg_sendnsreq random values

A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mgsendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched...

6.3CVSS0.0038EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.6 views

CVE-2022-33988

dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...

7.5CVSS6.9AI score0.00908EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-3144

Malware in sbrugna...

7.5CVSS6.1AI score0.01402EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-21730

Malicious code in bioql PyPI...

8.7CVSS6.2AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-37021

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.00908EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/07/28 10:47 a.m.3 views

unbound: Unbound Cache poisoning

A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet ECS must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS...

8.7CVSS7.3AI score0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/16 2:38 p.m.12 views

CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...

8.7CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 2:38 p.m.64 views

CVE-2025-5994

CVE-2025-5994 describes a rebirthday cache-poisoning risk in ECS-enabled caching resolvers. Affected product: Unbound (if built with ECS support and configured to send ECS data upstream). Root cause: need to segregate outgoing queries by ECS info; otherwise an attacker could exploit DNS transacti...

8.7CVSS6.2AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/16 2:38 p.m.10 views

CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...

8.7CVSS6.8AI score0.00188EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/07/16 2:38 p.m.4 views

CVE-2025-5994

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...

8.7CVSS7AI score0.00188EPSS
Exploits0
FreeBSD
FreeBSD
added 2025/07/16 12:0 a.m.5 views

unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack

[email protected] reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information...

8.7CVSS6.4AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.9 views

CVE-2021-25677

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions = V0.5.0.0 V1.0.0.0, TALON TC Compact BACnet All versions V3.5.5, TALON TC Modular BACnet All versions V3.5.5. The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the D...

5.3CVSS6.8AI score0.01061EPSS
Exploits0References1
Prion
Prion
added 2022/08/15 1:15 p.m.14 views

Code injection

dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...

5CVSS7.5AI score0.00908EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/08/15 12:9 p.m.21 views

CVE-2022-33988

dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...

7.7AI score0.00908EPSS
Exploits1References3
CERT
CERT
added 2022/05/09 12:0 a.m.57 views

uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID

Overview The uClibc and uClibc-ng libraries, prior to uClibc-ng 1.0.41, are vulnerable to DNS cache poisoning due to the use of predicatble DNS transaction IDs when making DNS requests. This vulnerability can allow an attacker to perform DNS cache poisoning attacks against a vulnerable environmen...

6.5CVSS6.4AI score0.11264EPSS
Exploits0References14
Prion
Prion
added 2022/05/06 5:15 a.m.18 views

Design/Logic Flaw

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

4CVSS6.3AI score0.11264EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/08/18 6:35 p.m.44 views

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

8AI score0.01262EPSS
Exploits0References2
Rows per page
Query Builder