Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache poisoning vulnerabilities and exploits
(subscribe to this query)
4
CVSSv3
CVE-2017-1773
IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817.
Ibm Datapower Gateway
NA
CVE-2024-21507
Versions of the package mysql2 prior to 3.9.3 are vulnerable to Improper Input Validation through the keyFromFields function, resulting in cache poisoning. An attacker can inject a colon (:) character within a value of the attacker-crafted key.
NA
CVE-2008-3434
Apple iTunes prior to 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Apple Itunes 1.1.2
Apple Itunes 2.0
Apple Itunes 4.0
Apple Itunes 4.0.1
Apple Itunes 4.9
Apple Itunes 5.0
Apple Itunes 6.0.4.2
Apple Itunes
Apple Itunes 2.0.1
Apple Itunes 2.0.2
Apple Itunes 4.1
Apple Itunes 4.2
Apple Itunes 5.0.1
Apple Itunes 6.0
Apple Itunes 1.0
Apple Itunes 2.0.3
Apple Itunes 2.0.4
Apple Itunes 4.5
Apple Itunes 4.6
Apple Itunes 6.0.1
Apple Itunes 6.0.2
Apple Itunes 1.1
NA
CVE-2008-3437
OpenOffice.org (OOo) prior to 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Openoffice Openoffice.org 2.0
Openoffice Openoffice.org 2.0.2
Openoffice Openoffice.org 2.0.3
Openoffice Openoffice.org 2.0.4
Openoffice Openoffice.org 1.1.5
8.1
CVSSv3
CVE-2008-3438
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Apple Mac Os X
NA
CVE-2008-3441
Nullsoft Winamp prior to 5.24 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Nullsoft Winamp
NA
CVE-2008-3439
SpeedBit Video Acceleration prior to 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Speedbit Speedbit Video Accelerator
4.7
CVSSv3
CVE-2017-9071
In MODX Revolution prior to 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.
Modx Modx Revolution
NA
CVE-2008-3435
LinkedIn Browser Toolbar 3.0.3.1100 and previous versions does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Linkedin Browser Toolbar
7.5
CVSSv3
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.
Hcc-embedded Nichestack Tcp\\/ip 4.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »