Lucene search
K

146 matches found

Prion
Prion
added 2023/02/12 4:15 a.m.17 views

Information disclosure

Information disclosure in modem due to buffer over read in dns client due to missing length check...

5CVSS7.4AI score0.00375EPSS
Exploits0References1
CVE
CVE
added 2023/02/09 6:58 a.m.76 views

CVE-2022-25732

CVE-2022-25732 is a buffer over-read in the modem’s DNS client due to a missing length check, exposing information from the modem memory. Multiple connected sources confirm: affected component is the modem’s DNS client; root cause is lack of length validation leading to information disclosure; im...

8.2CVSS7.6AI score0.00375EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/09 6:58 a.m.16 views

CVE-2022-25732 Buffer Over-read in MODEM

Information disclosure in modem due to buffer over read in dns client due to missing length check...

8.2CVSS6.9AI score0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/09 6:58 a.m.36 views

CVE-2022-25732 Buffer Over-read in MODEM

Information disclosure in modem due to buffer over read in dns client due to missing length check...

8.2CVSS8.3AI score0.00375EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/08 12:0 a.m.9 views

PT-2023-8454

Name of the Vulnerable Software and Affected Versions systemd-resolved affected versions not specified Description The issue is related to insufficient authentication checks of messages from DNS clients in the systemd-resolved service, which manages network connections and domain name resolutions...

7.8CVSS6.6AI score0.01051EPSS
Exploits4References65
Fedora
Fedora
added 2022/07/30 1:57 a.m.13 views

[SECURITY] Fedora 36 Update: golang-github-cpu-goacmedns-0.1.1-6.fc36

A Go library to handle acme-dns client communication and persistent account storage...

2.8AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.26 views

Mageia: Security Advisory (MGASA-2014-0189)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.8AI score0.07571EPSS
Exploits0References6
OSV
OSV
added 2022/01/24 8:15 p.m.5 views

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts...

4.3CVSS5.8AI score0.00554EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/24 8:10 p.m.29 views

CVE-2021-36349

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts...

4.3CVSS5AI score0.00554EPSS
Exploits0References1
Prion
Prion
added 2021/08/18 7:15 p.m.21 views

Design/Logic Flaw

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

5CVSS8.6AI score0.01262EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/18 6:35 p.m.44 views

CVE-2020-25926

The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning remote. The component is: dnsquerytype. The attack vector is: a specific DNS response packet...

8AI score0.01262EPSS
Exploits0References2
CVE
CVE
added 2021/08/18 6:35 p.m.60 views

CVE-2020-25926

Summary of CVE-2020-25926 (INFRA:HALT) in HCC Embedded/NicheStack: The DNS client in InterNiche NicheStack TCP/IP (pre-4.3) suffers from insufficient entropy in DNS transaction IDs, enabling remote DNS cache poisoning via specially crafted responses. The related ICS/National advisories enumerate ...

7.5CVSS7.9AI score0.01262EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2021/08/06 12:0 a.m.20 views

HCC Embedded InterNiche Security Feature Issue Vulnerability

HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche that stems from a DNS client not setting enough random transaction ids in the DNSv4 component.An attacker can exploit this vulnerability to pass specially crafted inputs to the application...

7.5CVSS7.5AI score0.01262EPSS
Exploits0References1
Prion
Prion
added 2021/04/22 9:15 p.m.28 views

Code injection

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions = V0.5.0.0 V1.0.0.0, TALON TC Compact BACnet All versions V3.5.5, TALON TC Modular BACnet All versions V3.5.5. The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the D...

5CVSS5.8AI score0.01061EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2021/03/11 10:15 p.m.3 views

CVE-2016-20009

A DNS client stack-based buffer overflow in ipdnscdecodename affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

9.8CVSS6.2AI score0.01894EPSS
Exploits1References2
Prion
Prion
added 2021/03/11 10:15 p.m.25 views

Stack overflow

A DNS client stack-based buffer overflow in ipdnscdecodename affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7.5CVSS7.7AI score0.01894EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/03/11 9:39 p.m.27 views

CVE-2016-20009

A DNS client stack-based buffer overflow in ipdnscdecodename affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

9.8AI score0.01894EPSS
Exploits1References2
CVE
CVE
added 2021/03/11 9:39 p.m.94 views

CVE-2016-20009

Vulnerability: Wind River VxWorks 6.5–7 is affected by a DNS client stack-based buffer overflow in ipdnsc_decode_name(). The Red Hat/NVD-derived entries, CNVD, PRION, and PT Security notes confirm the issue affects Wind River VxWorks versions 6.5 through 7 and describe an out-of-bounds write in t...

9.8CVSS9.7AI score0.01894EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2020/12/11 11:15 p.m.16 views

CVE-2020-17470

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...

5.3CVSS6.9AI score
Exploits0References3
Prion
Prion
added 2020/12/11 11:15 p.m.14 views

Code injection

An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs they are always set to 1 in fnetdnspoll in fnetdns.c. This significantly simplifies DNS cache poisoning attacks...

5CVSS7.2AI score0.02072EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder