35 matches found
PowerDNS DNSdist 安全漏洞
PowerDNS DNSdist is a proxy software provided by PowerDNS, which offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a security vulnerability that stems from malicious backends capable of sending specially crafted UDP responses with query IDs differing...
CVE-1999-0024
DNS cache poisoning via BIND, by predictable query IDs...
Important: bind
Issue Overview: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12,...
EUVD-1999-0024
Malware in sbrugna...
Amazon Linux 2 : c-ares (ALAS-2024-2646)
The version of c-ares installed on the remote host is prior to 1.19.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2646 advisory. Insufficient randomness in generation of DNS query IDs When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to...
Medium: c-ares
Issue Overview: Insufficient randomness in generation of DNS query IDs When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from th...
EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-3066)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
EulerOS 2.0 SP10 : c-ares (EulerOS-SA-2023-2804)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as...
EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-3049)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
EulerOS Virtualization 2.10.1 : c-ares (EulerOS-SA-2023-2913)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
c-ares: Insufficient randomness in generation of DNS query IDs
A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...
c-ares: Insufficient randomness in generation of DNS query IDs
A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...
c-ares: Insufficient randomness in generation of DNS query IDs
A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...
Important: Red Hat Security Advisory: nodejs security update
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
c-ares: Insufficient randomness in generation of DNS query IDs
A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...
c-ares: Insufficient randomness in generation of DNS query IDs
A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...
Important: c-ares
Issue Overview: A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. CVE-2022-49...
CVE-2023-31147 Insufficient randomness in generation of DNS query IDs in c-ares
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
SUSE CVE-2023-31147
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
OpenJDK: missing randomization of JNDI DNS client query IDs (JNDI, 8030731)
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI...