Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cache poisoning vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-25926
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.
Hcc-embedded Nichestack Tcp\\/ip 4.0.1
668
VMScore
CVE-2008-3436
The GUP generic update process in Notepad++ prior to 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Notepad\\+\\+ Notepad\\+\\+
445
VMScore
CVE-2020-17470
An issue exists in FNET up to and including 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks.
Butok Fnet
NA
CVE-2022-43562
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning.
Splunk Splunk
Splunk Splunk Cloud Platform
NA
CVE-2022-33988
dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.
Dproxy-nexgen Project Dproxy-nexgen -
NA
CVE-2022-40743
Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...
Apache Traffic Server
NA
CVE-2022-33989
dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.
Dproxy-nexgen Project Dproxy-nexgen -
668
VMScore
CVE-2008-3440
Sun Java 1.6.0_03 and previous versions versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache pois...
Sun Java 1.6.0
Sun Java
312
VMScore
CVE-2007-0124
Unspecified vulnerability in Drupal prior to 4.6.11, and 4.7 prior to 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for pages that exist.
Drupal Drupal 4.6.4
Drupal Drupal 4.6.5
Drupal Drupal 4.6.2
Drupal Drupal 4.6.3
Drupal Drupal 4.7
Drupal Drupal 4.7.0
Drupal Drupal 4.7.1
Drupal Drupal 4.7.2
Drupal Drupal 4.6.1
Drupal Drupal 4.6.10
Drupal Drupal 4.6.8
Drupal Drupal 4.6.9
Drupal Drupal 4.6
Drupal Drupal 4.6.0
Drupal Drupal 4.6.6
Drupal Drupal 4.6.7
Drupal Drupal 4.7.3
Drupal Drupal 4.7.4
445
VMScore
CVE-2016-3725
Jenkins prior to 2.3 and LTS prior to 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption).
Jenkins Jenkins
Redhat Openshift 3.1
Redhat Openshift 3.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »