Filtered by vendor Totd Project Subscriptions
Filtered by product Totd Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-34295 1 Totd Project 1 Totd 2024-11-21 6.5 Medium
totd before 1.5.3 does not properly randomize mesg IDs.
CVE-2022-34294 1 Totd Project 1 Totd 2024-11-21 9.8 Critical
totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. This allows DNS cache poisoning because there is not enough entropy to prevent traffic injection attacks.