Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2022/05/11 11:33 a.m.69 views

Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z director operator tech preview

Red Hat OpenStack Platform 16.2 Train director Operator containers are available for technology preview. Release osp-director-operator images Security Fixes: golang: kubernetes: YAML parsing vulnerable to "Billion Laughs" attack, allowing for remote CVE-2019-11253 golang: golang-github-miekg-dns:...

7.5CVSS6.7AI score0.25939EPSS
Exploits9References7
Github Security Blog
Github Security Blog
added 2022/03/01 9:3 p.m.46 views

Improper random number generation in github.com/coredns/coredns

Impact CoreDNS before 1.6.6 using go DNS package 1.1.25 improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. Patches The problem has been fixed in 1.6.6+. References - CVE-2019-19794 For more information Please consult our...

5.9CVSS3.2AI score0.02066EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/12/13 10:15 p.m.33 views

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS6.6AI score0.02066EPSS
Exploits1References5
Cvelist
Cvelist
added 2019/12/13 9:46 p.m.39 views

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9AI score0.02066EPSS
Exploits1References5
CVE
CVE
added 2019/12/13 9:46 p.m.212 views

CVE-2019-19794

The CVE-2019-19794 issue affects the miekg/dns Go DNS package prior to 1.1.25 (used by CoreDNS before 1.6.6 and other products). The root cause is use of math/rand for TXID generation, making TXIDs predictable and enabling response forgery. Remediation: update to miekg/dns v1.1.25 or later (and C...

5.9CVSS5.8AI score0.02066EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2019/12/13 9:46 p.m.39 views

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS6.8AI score0.02066EPSS
Exploits1
Rows per page
Query Builder