GHSA-XMV7-R254-6Q78 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-1549)

According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them...

EulerOS 2.0 SP10 : avahi (EulerOS-SA-2026-1327)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after...

CVE-2010-0362

Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses...

EulerOS 2.0 SP11 : avahi (EulerOS-SA-2025-2454)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...

EulerOS 2.0 SP11 : avahi (EulerOS-SA-2025-2473)

According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...

CVE-2025-11728

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

EUVD-2025-34540

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

EUVD-2021-12569

Malware in sbrugna...

EUVD-2008-4084

Malware in sbrugna...

EUVD-2008-3616

Malware in sbrugna...

EUVD-2008-1155

Malware in sbrugna...

EUVD-2008-1157

Malware in sbrugna...

EUVD-2008-4109

Malware in sbrugna...

EUVD-2010-0393

Malware in sbrugna...

RLSA-2025:7437 Moderate: avahi security update

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...

EUVD-2024-46029

Malicious code in bioql PyPI...

EUVD-2023-12721

Malicious code in bioql PyPI...

EUVD-2022-52246

Malicious code in bioql PyPI...