Vulnerabilities (CVE)

Filtered by vendor Totd Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34295 1 Totd Project 1 Totd 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
totd before 1.5.3 does not properly randomize mesg IDs.
CVE-2022-34294 1 Totd Project 1 Totd 2024-11-21 N/A 9.8 CRITICAL
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.