Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:45 a.m.5 views

CVE-2010-0362

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses...

5CVSS6.8AI score0.0147EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-12569

Malware in sbrugna...

5.3CVSS5.3AI score0.01061EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2008-1155

Malware in sbrugna...

6.8CVSS6.4AI score0.01379EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.11 views

EUVD-2008-1157

Malware in sbrugna...

6.8CVSS6.4AI score0.01424EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-46029

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00681EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 10:48 p.m.9 views

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.8AI score0.11264EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/12/11 12:0 a.m.6 views

SUSE: Security Advisory (SUSE-SU-2024:4282-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.3AI score0.00681EPSS
Exploits0References2
OSV
OSV
added 2024/11/21 9:15 p.m.7 views

CVE-2024-52616

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...

5.3CVSS6.4AI score0.00681EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/21 8:41 p.m.14 views

CVE-2024-52616 Avahi: avahi wide-area dns predictable transaction ids

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...

5.3CVSS5.1AI score0.00681EPSS
Exploits0References4
Prion
Prion
added 2023/05/11 2:15 a.m.18 views

Design/Logic Flaw

In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...

5CVSS7.4AI score0.00645EPSS
Exploits0References2Affected Software2
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.3 views

SUSE CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.4AI score0.11264EPSS
Exploits0References3
OSV
OSV
added 2022/05/06 5:15 a.m.13 views

AZL-9702 CVE-2022-30295 affecting package uclibc-ng for versions less than 1.0.41-1

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.6AI score0.11264EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2022/05/06 4:43 a.m.47 views

CVE-2022-30295

uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2...

6.5CVSS6.4AI score0.11264EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/09/01 12:0 a.m.43 views

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit th...

6.8CVSS6.6AI score0.95182EPSS
Exploits20References3
OpenVAS
OpenVAS
added 2008/09/03 12:0 a.m.32 views

Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020, 945553)

The remote host is probably affected by the vulnerability described in CVE-2008-0087 SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.8CVSS6.8AI score0.31366EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2008/08/08 12:0 a.m.42 views

ruby -- DNS spoofing vulnerability

The official ruby site reports: resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports...

6.8CVSS7AI score0.95182EPSS
Exploits20References1
Debian CVE
Debian CVE
added 2008/07/08 11:0 p.m.51 views

CVE-2008-1447

The DNS protocol, as implemented in 1 BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; 2 Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referral...

6.8CVSS6.6AI score0.95182EPSS
Exploits20
Cvelist
Cvelist
added 2008/04/08 11:0 p.m.30 views

CVE-2008-0087

The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses...

7.3AI score0.31366EPSS
Exploits0References10
NVD
NVD
added 2008/03/04 11:44 p.m.28 views

CVE-2008-1148

A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...

6.8CVSS6.9AI score0.01424EPSS
Exploits0References7
Prion
Prion
added 2008/03/04 11:44 p.m.19 views

Design/Logic Flaw

A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...

6.8CVSS7.4AI score0.01424EPSS
Exploits0References7Affected Software3
Rows per page
Query Builder