8 matches found
CVE-2025-71058
Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inje...
ABB B&R PCs
SUMMARY ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code, initiate DoS attacks, conduct DNS cache...
CVE-2023-31442
In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...
CVE-2016-10824
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning SEC-90...
PT-2023-23330 · Lightbend · Akka Discovery +1
Name of the Vulnerable Software and Affected Versions: Lightbend Akka versions 2.5.14 through 2.8.0 Akka Discovery versions 2.5.14 through 2.8.0 Description: The async-dns resolver in Lightbend Akka uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to...
kernel: ICMP rate limiting can be used for DNS poisoning attack
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
kernel: ICMP rate limiting can be used for DNS poisoning attack
A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentialit...
Vulnerabilities fixed in Microsoft Windows
There are several vulnerabilities in Microsoft Windows. The vulnerabilities allow a malicious person to: - execute arbitrary code with user privileges; - grant themselves elevated privileges; - circumvent security measures; - gain access to sensitive data; - construct a DNS cache poisoning attack...