Lucene search
K

4 matches found

OSV
OSV
added 2026/06/12 2:16 p.m.2 views

CVE-2026-45673 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entrop...

6.8CVSS5.9AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/10 12:5 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.8AI score0.00969EPSS
Exploits5References35
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.14 views

Netty has Insufficient Bailiwick Validation for NS Records

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

10CVSS5.5AI score0.00292EPSS
Exploits0References13Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:12 a.m.17 views

Netty has a DNS Codec Input Validation Bypass (Encoder + Decoder)

Security Vulnerability Report: DNS Codec Input Validation Bypass in Netty Encoder + Decoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-dns | | Component | io.netty.handler.codec.dns.DnsCodecUtil | |...

9.1CVSS5.8AI score0.00969EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder