CVE-2014-4883

MEDIUM Year: 2014
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-345
View all →

Vulnerability Description

resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Related Vulnerabilities

CVE-2022-3703

CRITICAL
CVSS:10.0(Critical)

All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide pri...

CWE-3452022

CVE-2020-6081

CRITICAL
CVSS:9.9(Critical)

An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote cod...

CWE-3452020

CVE-2022-36130

CRITICAL
CVSS:9.9(Critical)

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized u...

CWE-3452022

CVE-2013-2167

CRITICAL
CVSS:9.8(Critical)

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CWE-3452013

CVE-2015-3956

CRITICAL
CVSS:9.8(Critical)

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pum...

CWE-3452015

CVE-2016-1000004

CRITICAL
CVSS:9.8(Critical)

Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0...

CWE-3452016