Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Github Security Blog
Github Security Blogadded 2021/05/18 9:9 p.m.46 views

miekg/dns insecurely generates random numbers

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS6.1AI score0.00297EPSS
Exploits1References10Affected Software1
RedhatCVE
RedhatCVEadded 2020/11/05 11:59 a.m.31 views

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS3.1AI score0.00297EPSS
Exploits1References3
OSV
OSVadded 2019/12/13 10:15 p.m.24 views

CVE-2019-19794

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

5.9CVSS6.6AI score
Exploits0References5
Prion
Prionadded 2019/12/13 10:15 p.m.22 views

Design/Logic Flaw

The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...

4.3CVSS5.8AI score0.00297EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Stormadded 2017/04/13 12:0 a.m.35 views

Nintendo 3DS DNS Client Resolver Predictable TXID

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from...

7.4AI score
Exploits0
seebug.org
seebug.orgadded 2017/04/13 12:0 a.m.13 views

Nintendo: 3DS DNS Client Resolver Library Uses Predictable TXID

I bought a New Nintendo 3DS XL US with firmware 11.2.0-35U, and I've noticed that that DNS client resolved on the 3DS uses a simple incrementing TXID for lookups. This does not provide enough entropy to prevent remote attackers from spoofing responses. For example, see MS08-020 when this happened...

6.9AI score
Exploits0
OpenVAS
OpenVASadded 2011/01/06 12:0 a.m.32 views

Nmap NSE: DNS Random TXID

This script attempts to check a DNS server for the predictable-TXID DNS recursion vulnerability. This is a wrapper on the Nmap Security Scanner's http://nmap.org dns-random-txid.nse. OpenVAS Vulnerability Test $Id: gbnmapdnsrandomtxid.nasl 7006 2017-08-25 11:51:20Z teissa $ Wrapper for Nmap DNS...

5CVSS7AI score0.87662EPSS
Exploits20
Nmap
Nmapadded 2008/11/06 2:52 a.m.294 views

dns-random-txid NSE Script

Checks a DNS server for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to cache poisoning attacks see CVE-2008-1447. The script works by querying txidtest.dns-oarc.net see . Be aware that any targets against which this script is run will...

10CVSS0.94176EPSS
Exploits53
Rows per page
Query Builder