Lucene search
K

215 matches found

Veracode
Veracode
added 2024/02/19 4:50 a.m.22 views

Insecure Randomness

github.com/greenpau/go-authcrunch is vulnerable to Insecure Randomness. The vulnerability is caused due to using math/rand Golang library with a seed based on the Unix timestamp to generate strings for three security-critical contexts in the application. Attackers could use the potentially...

9.8CVSS7AI score0.0068EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/02/17 6:30 a.m.22 views

GHSA-C7VF-M394-M4X4 Use of Insufficiently Random Values in github.com/greenpau/caddy-security

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.5CVSS7.9AI score0.0068EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/02/17 6:30 a.m.29 views

Use of Insufficiently Random Values in github.com/greenpau/caddy-security

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

9.8CVSS7.1AI score0.0068EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/02/17 5:15 a.m.39 views

CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

9.8CVSS6.5AI score0.0068EPSS
Exploits0References4
Prion
Prion
added 2024/02/17 5:15 a.m.47 views

Authentication flaw

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.4CVSS7.4AI score0.0068EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/17 5:0 a.m.14 views

CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.5CVSS7AI score0.0068EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/17 5:0 a.m.44 views

CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.5CVSS6.8AI score0.0068EPSS
Exploits0References4
OSV
OSV
added 2024/02/17 5:0 a.m.28 views

CVE-2024-21495

Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for...

6.5CVSS7.1AI score0.0068EPSS
Exploits0References6
CVE
CVE
added 2024/02/17 5:0 a.m.101 views

CVE-2024-21495

The CVE-2024-21495 entry concerns the Go package github.com/greenpau/caddy-security (versions before 1.0.42). Root cause: insecure randomness used in multiple contexts (OAuth nonce, MFA secrets, API key generation) due to an insecure RNG library, enabling potential replay or predictability attack...

9.8CVSS6.5AI score0.0068EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/02/17 12:0 a.m.5 views

caddy-security Security Vulnerabilities

caddy-security is a security application and plugin for Caddy. A security vulnerability exists in versions prior to caddy-security 1.0.42 that stems from the use of an insecure random number generation library that is susceptible to insecure randomness...

9.8CVSS6.8AI score0.0068EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2023/09/28 12:0 a.m.11 views

The vulnerability of the library for handling Bitcoin transactions and blocks in Libbitcoin Explorer (BX) allows a hacker to expose the protected information.

The vulnerability of the Libbitcoin Explorer BX for processing Bitcoin transactions and blocks is related to the use of a insecure random number generator program. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose sensitive information...

7.8CVSS7.1AI score0.01312EPSS
Exploits1References7Affected Software1
Snyk
Snyk
added 2023/09/18 1:48 p.m.9 views

Insecure Randomness

Amendment This was deemed not a vulnerability. Overview github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted...

9.8CVSS7.1AI score0.0068EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/18 1:48 p.m.2 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in th...

9.8CVSS7.2AI score0.0068EPSS
Exploits0References2
Snyk
Snyk
added 2023/09/18 1:48 p.m.2 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in th...

9.8CVSS7.2AI score0.0068EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/02 12:0 a.m.5 views

Open-Xchange AppSuite Security Feature Issue Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, and more. A security signature issue vulnerability exists in Open-Xchange AppSuite that stems from the integrated oAuth...

7.5CVSS6.7AI score0.00995EPSS
Exploits0References7
OSV
OSV
added 2023/06/12 3:30 a.m.4 views

GHSA-3W3W-PXMM-2W2J crypto-js uses insecure random numbers

The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.3CVSS7.1AI score0.01075EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.4 views

WordPress Plugin Frontend File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

9.9CVSS8AI score0.01853EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/05/25 8:26 a.m.28 views

CVE-2023-2884 Insecure Randomness in CBOT's Chatbot

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

9.8CVSS9.8AI score0.00692EPSS
Exploits0References2
Veracode
Veracode
added 2023/05/12 9:49 a.m.21 views

Insecure Randomness

github.com/cloudflare/circl is vulnerable to Insecure Randomness. Kyber and FrodoKEM did not check whether crypto/rand.Read returned an error, leading to a predictable shared secret. The tkn20 and blindrsa components did not check if enough randomness was returned from the user provided randomnes...

8.2CVSS6.2AI score0.00386EPSS
Exploits0References3Affected Software1
OpenVAS
OpenVAS
added 2023/04/03 12:0 a.m.19 views

Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Multiple Vulnerabilities (GHSA-h3c9-cmh8-7qpj, GHSA-ch7f-px7m-hg25, GHSA-5w64-6c42-rgcv, GHSA-7w2p-rp9m-9xp9)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

9CVSS6.5AI score0.04176EPSS
Exploits3References4
Rows per page
Query Builder