41 matches found
GHSA-XMV7-R254-6Q78 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...
PT-2026-47609
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description The DNS resolver in the io.netty.resolver.dns module uses a predictable Pseudo-Random Number Generator PRNG for generating DNS transaction IDs and defaults ...
CVE-2026-32694
In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...
EulerOS 2.0 SP10 : avahi (EulerOS-SA-2026-1301)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after...
EulerOS Virtualization 2.10.1 : avahi (EulerOS-SA-2026-1529)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them...
EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-1549)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2025-2454)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...
RLSA-2025:7437 Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
CVE-2010-1689
The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and...
ALSA-2025:7437 Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
SUSE-SU-2025:20308-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2024-52616: Fixed predictable transaction IDs for Wide-Area DNS bsc1233420 - Drop rcFOO symlinks jscPED-266...
MGASA-2025-0007 Updated avahi packages fix security vulnerabilities
Avahi wide-area dns uses constant source port. CVE-2024-52615 Avahi wide-area dns predictable transaction ids. CVE-2024-52616...
Updated avahi packages fix security vulnerabilities
Avahi wide-area dns uses constant source port. CVE-2024-52615 Avahi wide-area dns predictable transaction ids. CVE-2024-52616...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : avahi (SUSE-SU-2024:4386-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:4386-1 advisory. - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs bsc1233420 Other fixes: - no long...
Security update for avahi
This update for avahi fixes the following issues: CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs bsc1233420 Other fixes: - no longer supply bogus services to callbacks bsc1226586. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...
SUSE-SU-2024:4386-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs bsc1233420 Other fixes: - no longer supply bogus services to callbacks bsc1226586...
Medium: avahi
Issue Overview: avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs CVE-2024-52616 Affected Packages: avahi Issue Correction: Run dnf update avahi --releasever 2023.6.20241212 or dnf update --advisory ALAS2023-2024-771...
Medium: avahi
Issue Overview: avahi: Avahi Wide-Area DNS Uses Constant Source Port CVE-2024-52615 avahi: Avahi Wide-Area DNS Predictable Transaction IDs CVE-2024-52616 Affected Packages: avahi Issue Correction: Run dnf update avahi --releasever 2023.6.20241212 to update your system. New Packages: aarch64: ...
SUSE-SU-2024:4225-1 Security update for avahi
This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs bsc1233420...