CVE-2024-52616

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-334
View all →

Vulnerability Description

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

Related Vulnerabilities

CVE-2022-20941

MEDIUM
CVSS:5.3(Medium)

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. This vulnerab...

CWE-3342022

CVE-2022-33707

MEDIUM
CVSS:5.3(Medium)

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.

CWE-3342022

CVE-2023-6951

MEDIUM
CVSS:6.6(Medium)

A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the...

CWE-3342023

CVE-2023-39979

CRITICAL
CVSS:9.8(Critical)

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficie...

CWE-3342023

CVE-2021-21955

HIGH
CVSS:7.7(High)

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to passwor...

CWE-3342021

CVE-2022-22517

HIGH
CVSS:7.5(High)

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel...

CWE-3342022