Lucene search
K

95 matches found

OSV
OSV
added 2022/05/06 5:15 a.m.12 views

AZL-9702 CVE-2022-30295 affecting package uclibc-ng for versions less than 1.0.41-1

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.6AI score0.11264EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/05/06 5:15 a.m.23 views

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.6AI score0.11264EPSS
Exploits0References4
Prion
Prion
added 2022/05/06 5:15 a.m.18 views

Design/Logic Flaw

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

4CVSS6.3AI score0.11264EPSS
Exploits0References2Affected Software2
Debian CVE
Debian CVE
added 2022/05/06 4:43 a.m.46 views

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.4AI score0.11264EPSS
Exploits0
CNNVD
CNNVD
added 2021/08/04 12:0 a.m.5 views

HCC Embedded InterNiche 安全特征问题漏洞

HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche that stems from a DNS client not setting enough random transaction ids in the DNSv4 component.An attacker can exploit this vulnerability to pass specially crafted inputs to the application...

7.5CVSS5.6AI score0.01262EPSS
Exploits0References6
Veracode
Veracode
added 2019/12/16 6:41 a.m.35 views

Insecure Random Generator

github.com/miekg/dns uses an insecure random generation for transaction IDs. The default Id function uses an insecure math/rand function, resulting in predictable output and allowing an attacker to exploit the vulnerability to forge responses without being on path...

5.9CVSS2.4AI score0.02066EPSS
Exploits1References7Affected Software1
Trellix
Trellix
added 2019/10/14 12:0 a.m.10 views

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money

ARCHIVED STORY McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – Follow The Money By John Fokker · October 14, 2019 Episode 3: Follow the Money This is the third installment of the McAfee Advanced Threat Research ATR analysis of Sodinokibi and its connections to GandCrab, the mos...

6.6AI score
Exploits0
CERT
CERT
added 2014/11/03 12:0 a.m.50 views

uIP and lwIP DNS resolver vulnerable to cache poisoning

Overview The DNS resolver implemented in uIP and lwIP is vulnerable to cache poisoning due to non-randomized transaction IDs TXIDs and source port reuse. Description CWE-330: Use of Insufficiently Random Values - CVE-2014-4883The DNS resolver implemented in all versions of uIP, as well as lwIP...

4.3CVSS6.6AI score0.00572EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/09/01 12:0 a.m.43 views

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit th...

6.8CVSS6.6AI score0.95182EPSS
Exploits20References3
NVD
NVD
added 2010/05/07 6:30 p.m.24 views

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...

6.4CVSS5.9AI score0.06628EPSS
Exploits1References4
Cvelist
Cvelist
added 2010/05/07 6:23 p.m.44 views

CVE-2010-1690

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...

5.9AI score0.06572EPSS
Exploits1References4
Cvelist
Cvelist
added 2010/05/07 6:23 p.m.45 views

CVE-2010-1689

The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...

5.9AI score0.06628EPSS
Exploits1References4
CVE
CVE
added 2010/05/07 6:23 p.m.75 views

CVE-2010-1689

The Red Hat and NVD entries confirm concrete details for CVE-2010-1689 and CVE-2010-1690: the DNS handling in smtpsvc.dll on Windows and Exchange product lines prior to specific builds uses predictable DNS transaction IDs (CVE-2010-1689) and does not verify that response IDs match queries (CVE-20...

6.4CVSS6AI score0.06628EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2009/03/11 2:19 p.m.19 views

Input validation

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

5.8CVSS6.9AI score0.27071EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2009/03/11 2:19 p.m.7 views

CVE-2009-0233

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict...

5.8CVSS6.7AI score0.27071EPSS
Exploits1References11
CVE
CVE
added 2009/03/11 2:0 p.m.64 views

CVE-2009-0233

CVE-2009-0233 is the DNS Resolver Cache Service (DNSCache) vulnerability in Windows DNS Server. When dynamic updates are enabled, the server may fail to reuse cached DNS responses in all scenarios, enabling remote attackers to predict transaction IDs and poison caches by sending crafted DNS queri...

5.8CVSS6.3AI score0.27071EPSS
Exploits1References10Affected Software3
Cvelist
Cvelist
added 2009/03/11 2:0 p.m.27 views

CVE-2009-0234

The DNS Resolver Cache Service aka DNSCache in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted...

6.3AI score0.34442EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.29 views

CentOS Update for irb CESA-2008:0896 centos3 i386

Check for the Version of irb OpenVAS Vulnerability Test CentOS Update for irb CESA-2008:0896 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

7.5CVSS6.9AI score0.15678EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2008/09/03 12:0 a.m.32 views

Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020, 945553)

The remote host is probably affected by the vulnerability described in CVE-2008-0087 SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.8CVSS6.8AI score0.31366EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2008/08/08 12:0 a.m.42 views

ruby -- DNS spoofing vulnerability

The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...

6.8CVSS7AI score0.95182EPSS
Exploits20References1
Rows per page
Query Builder