
107 matches found

OSV
added 2023/06/09 7:15 a.m., 3 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

CVSS 5.9, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 2
ATTACKERKB
added 2023/06/09 7:15 a.m., 2 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

CVSS 5.9, AI score 5.8, EPSS 0.00327
Exploits: 0, References: 3
CNNVD
added 2023/06/09 12:00 a.m., 10 views

Progress Software DataDirect Connect Security Features Vulnerability

Progress Software DataDirect Connect is a data connectivity solution from Progress Software, Inc. that can run in the cloud or locally. A security vulnerability previously existed in Progress Software DataDirect Connect version 08.02.2770, which arose when using Oracle Advanced Security OAS...

CVSS 5.9, AI score 6.1, EPSS 0.00327
Exploits: 0, References: 3
Vulnrichment
added 2023/06/09 12:00 a.m., 12 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

AI score 6.7, EPSS 0.00327
Exploits: 0, References: 2
Vulnrichment
added 2023/05/30 4:19 p.m., 10 views

CVE-2022-43485 Insecure random number used for generating keys for signing Jwt tokens

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...

CVSS 6.2, AI score 7.1, EPSS 0.00474
Exploits: 0, References: 1
Cvelist
added 2023/05/30 4:19 p.m., 28 views

CVE-2022-43485 Insecure random number used for generating keys for signing Jwt tokens

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...

CVSS 6.2, AI score 6.6, EPSS 0.00474
Exploits: 0, References: 1
OSV
added 2023/04/19 9:30 p.m., 10 views

GHSA-R4XG-4WRV-W72H Duplicate Advisory: Lemur subject to insecure random generation

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references. Original Description: Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The...

CVSS 7.5, AI score 7.6, EPSS 0.00784
Exploits: 0, References: 5
Vulnrichment
added 2023/04/19 7:10 p.m., 10 views

CVE-2023-30797 Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...

CVSS 7.5, AI score 7.4, EPSS 0.00784
Exploits: 0, References: 4
Github Security Blog
added 2022/12/06 9:13 p.m., 45 views

Passeo uses insecure random number generator

Impact: Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...

CVSS 7.5, AI score 7.3, EPSS 0.00791
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/12/06 9:13 p.m., 31 views

GHSA-MHHF-VGWH-FW9H Passeo uses insecure random number generator

Impact: Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the passwords being easily able to be guessed with Passeo's use of the random library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches...

CVSS 8.2, AI score 6.4, EPSS 0.00791
Exploits: 0, References: 6
Positive Technologies
added 2022/12/06 12:00 a.m., 5 views

PT-2022-16013 · Python · Random +1

Name of the Vulnerable Software and Affected Versions: Passeo versions prior to 1.0.5 Description: Passeo is an open source python password generator that relies on the python random library for random value selection in versions prior to 1.0.5. The python random library is not suitable for...

CVSS 8.2, AI score 7.5, EPSS 0.00791
Exploits: 0, References: 10
Veracode
added 2022/11/17 5:14 a.m., 19 views

Insecure Random Number Generator

phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists in the generatePasswordResetToken function of User.php because of the insecure mt_rand random number generator function, which allows an attacker to guess the reset password hashes...

CVSS 5.3, AI score 2.1, EPSS 0.00803
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2022/10/11 9:15 p.m., 4 views

CVE-2022-41210

SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...

CVSS 5.2, AI score 5.8, EPSS 0.00386
Exploits: 0, References: 2
Cvelist
added 2022/10/11 12:00 a.m., 26 views

CVE-2022-41210

SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...

AI score 5.3, EPSS 0.00386
Exploits: 0, References: 2
Vulnrichment
added 2022/10/11 12:00 a.m., 9 views

CVE-2022-41210

SAP Customer Data Cloud Gigya mobile app for Android - version 7.4, uses insecure random number generator program which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings...

AI score 5.1, EPSS 0.00386
Exploits: 0, References: 2
CVE
added 2022/10/11 12:00 a.m., 52 views

CVE-2022-41210

CVE-2022-41210 affects SAP Customer Data Cloud (Gigya mobile app for Android) version 7.4. The issue is caused by an insecure random number generator, making it easy to predict future random numbers and enabling information disclosure and modification of certain user settings. Sources across mult...

CVSS 5.2, AI score 5, EPSS 0.00386
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2022/07/26 12:31 p.m., 25 views

Insecure Random

otp-generator uses an insecure random source. It generates random numbers for one-time passwords by using the insecure Math.random, allowing an attacker to brute-force...

CVSS 9.8, AI score 8.9, EPSS 0.00688
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2022/04/11 7:15 p.m., 17 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

CVSS 2.7, AI score 7
Exploits: 0, References: 2
NVD
added 2022/03/15 4:15 p.m., 17 views

CVE-2022-26779

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...

CVSS 7.5, EPSS 0.02806
Exploits: 1, References: 3
Cvelist
added 2022/03/15 3:40 p.m., 14 views

CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...

AI score 7.6, EPSS 0.02806
Exploits: 1, References: 3