Lucene search
+L

9 matches found

osv
osv
added 2026/06/04 7:50 p.m.10 views

GHSA-XGX4-4H9W-53PV AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

6.9CVSS5.7AI score0.00047EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.21 views

PT-2026-46871

Summary This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ...

6.9CVSS5.7AI score
Exploits0References4
gitlab
gitlab
added 2026/06/04 12:0 a.m.16 views

AdGuard Home: DoQ-to-UDP State Reduction and Source-Port Oracle

This report covers the client-triggered DoQ forwarding path in: - dnsproxy v0.81.2 adguard/dnsproxy:v0.81.2 - AdGuard Home v0.107.74 adguard/adguardhome:latest, image version label v0.107.74 The issue was reproduced on 2026-04-25 with the products configured through their documented DoQ listener...

6.3CVSS5.8AI score0.00047EPSS
Exploits0References4Affected Software1
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : nodejs:18 (AXSA:2023-6083:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6083:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: Buffer Underwrite in aresinetnetpton CVE-2023-31130 c-ares: Insufficient...

7.5CVSS7.7AI score0.01577EPSS
Exploits0References5
nessus
nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : nodejs:18 (AXSA:2023-6227:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6227:01 advisory. c-ares: 0-byte UDP payload Denial of Service CVE-2023-32067 c-ares: buffer overflow in configsortlist due to missing string length check CVE-2022-49...

8.6CVSS8.6AI score0.01577EPSS
Exploits1References6
osv
osv
added 2023/05/25 10:15 p.m.7 views

AZL-26875 CVE-2023-31147 affecting package nodejs18 for versions less than 18.17.1-2

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

6.5CVSS6.7AI score0.00905EPSS
Exploits0References1
osv
osv
added 2023/05/25 10:15 p.m.12 views

AZL-43702 CVE-2023-31147 affecting package python-pycares 3.1.1-3

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

6.5CVSS6.7AI score0.00905EPSS
Exploits0References1
veracode
veracode
added 2022/01/11 2:10 p.m.18 views

DNS Spoofing

dnslib is vulnerable to DNS spoofing attacks. A remote unauthenticated attacker is able to potentially deceive the user with a malicious DNS ID because the library does not verify whether the ID value in a DNS reply matches an ID value in a query...

7.5CVSS3.3AI score0.00844EPSS
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2007/12/17 12:0 a.m.37 views

Perl Net::DNS package multiple security vulnerabilities

Weak DNS ID generation allows response spoofing, DoS on parsing DNS request...

5CVSS4AI score0.09547EPSS
Exploits3References2
Rows per page
Query Builder