94 matches found
GHSA-XMV7-R254-6Q78 Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port
Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...
EulerOS 2.0 SP10 : avahi (EulerOS-SA-2026-1327)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after...
EulerOS Virtualization 2.10.0 : avahi (EulerOS-SA-2026-1549)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them...
CVE-2010-0362
Zeus Web Server before 4.3r5 does not use random transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2025-2473)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2025-2454)
According to the versions of the avahi package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS...
CVE-2025-11728
The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...
EUVD-2025-34540
The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...
EUVD-2021-12569
Malware in sbrugna...
EUVD-2010-0393
Malware in sbrugna...
EUVD-2008-4084
Malware in sbrugna...
EUVD-2008-3616
Malware in sbrugna...
EUVD-2008-1155
Malware in sbrugna...
EUVD-2008-1157
Malware in sbrugna...
EUVD-2008-4109
Malware in sbrugna...
RLSA-2025:7437 Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
EUVD-2022-52246
Malicious code in bioql PyPI...
EUVD-2024-46029
Malicious code in bioql PyPI...
EUVD-2023-12721
Malicious code in bioql PyPI...