Vulmon
cache poisoning vulnerabilities and exploits
7.5
CVSSv2
CVE-2008-3435
LinkedIn Browser Toolbar 3.0.3.1100 and previous versions does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Linkedin Browser Toolbar
5
CVSSv2
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.
Hcc-embedded Nichestack Tcp/ip 4.0.1
7.5
CVSSv2
CVE-2008-3433
SpeedBit Download Accelerator Plus (DAP) prior to 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Speedbit Download Accelerator Plus 8.0
Speedbit Download Accelerator Plus 8.5
Speedbit Download Accelerator Plus
Speedbit Download Accelerator Plus 8.1
NA
CVE-2022-33988
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
Dproxy-nexgen Project Dproxy-nexgen -
NA
CVE-2022-33989
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
Dproxy-nexgen Project Dproxy-nexgen -
NA
CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
Splunk Splunk
Splunk Splunk Cloud Platform
5
CVSSv2
CVE-2020-17470
An issue exists in FNET up to and including 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
Butok Fnet
7.5
CVSSv2
CVE-2008-3436
The GUP generic update process in Notepad++ prior to 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Notepad++ Notepad++
NA
CVE-2022-40743
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks. This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...
Apache Traffic Server
6.8
CVSSv2
CVE-2014-6106
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote malicious users to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via u...
Ibm Security Identity Manager 5.1.0.6
Ibm Security Identity Manager 5.1.0.10
Ibm Security Identity Manager 5.1.0.9
Ibm Security Identity Manager 6.0.0.3
Ibm Security Identity Manager 5.1.0.3
Ibm Security Identity Manager 6.0.0.2
Ibm Security Identity Manager 5.1.0
Ibm Security Identity Manager 6.0.0.0
Ibm Security Identity Manager 5.1.0.5
Ibm Security Identity Manager 5.1.0.15
Ibm Security Identity Manager 5.1.0.14
Ibm Security Identity Manager 5.1.0.8
Ibm Security Identity Manager 5.1.0.13
Ibm Security Identity Manager 6.0.0.1
Ibm Security Identity Manager 5.1.0.11
Ibm Security Identity Manager 5.1.0.12
Ibm Security Identity Manager 5.1.0.7
Ibm Security Identity Manager 5.1.0.4
Ibm Security Identity Manager 7.0.0.0
Ibm Security Identity Manager 6.0.0.4