SUSE CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

FreeBSD : FreeBSD -- Insufficient response validation in the ldns stub resolver (fc0c7763-6477-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fc0c7763-6477-11f1-958d-bc241121aa0a advisory. When used as a stub resolver over UDP, ldns failed to verify that a received response belonged to the...

Linux Distros Unpatched Vulnerability : CVE-2026-10846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and...

CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

EUVD-2026-35991

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

CVE-2026-10846 Insufficient verification that responses belong to a query

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

CVE-2026-10846

CVE-2026-10846 affects nlnts ldns used as a stub resolver over UDP. FreeBSD advisories confirm that ldns failed to verify response provenance (source IP/port, transaction ID, and question matching), enabling off‑path spoofing of UDP responses and arbitrary data delivery to programs using ldns (e....

PT-2026-48381

Name of the Vulnerable Software and Affected Versions NLnet Labs ldns versions 1.2.0 through 1.9.0 Description When used in applications as a stub resolver over UDP, the software fails to match the query destination address and port with the response source address and port. Additionally, it does...

One (Thread) Can Keep a (PRNG) Secret, but Not Two

We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator PRNG to cryptanalytically break, learn t...

Astra Linux – Vulnerability in NTP

In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, ntpd allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This occurs because transmissions are rescheduled even when a packet lacks a valid origin timestamp...

Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the Linux kernel through version 5.16.11. The mixed IPID assignment method, combined with the hash-based IPID assignment policy, allows an off-path attacker to inject data into a victim’s TCP session or terminate that session...

EUVD-2026-16128

When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. If an attacker is either on path with an established TCP connection, or can themselves...

UBUNTU-CVE-2026-23247

In the Linux kernel, the following vulnerability has been resolved: tcp: secureseq: add back ports to TS offset This reverts 28ee1b746f49 "secureseq: downgrade to per-host timestamp offsets" tcptwrecycle went away in 2017. Zhouyan Deng reported off-path TCP source port leakage via SYN cookie...

MiracleLinux 7 : dnsmasq-2.76-16.el7.1 (AXSA:2021-1266:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1266:01 advisory. dnsmasq: loose address/port check in replyquery makes forging replies easier for an off-path attacker CVE-2020-25684 dnsmasq: loose query name check...

MiracleLinux 4 : dnsmasq-2.48-18.0.1.AXS4 (AXSA:2021-1429:04)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1429:04 advisory. dnsmasq: loose address/port check in replyquery makes forging replies easier for an off-path attacker CVE-2020-25684 dnsmasq: loose query name check...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003981)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003981 advisory. A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001466)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001466 advisory. A flaw in the processing of received ICMP errors ICMP fragment needed and ICMP redirect in the Linux kernel functionality was found to allow the ability to quickly...

OpenWRT <= 24.10.4 DoS Vulnerability

OpenWRT is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openwrt:openwrt";...

EUVD-2016-2642

Malware in sbrugna...

EUVD-2019-3012

Malware in sbrugna...