Lucene search
+L

80 matches found

Tenable Nessus
Tenable Nessus
added 2024/08/09 12:0 a.m.67 views

WinSCP < 6.3.3 Key Recovery Attack Vulnerability

The version of WinSCP installed on the remote Windows host is prior to 6.3.3. It is, therefore, affected by a key recovery attack vulnerability. In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...

5.9CVSS6.9AI score0.05773EPSS
Exploits0References2
NVD
NVD
added 2024/06/20 4:15 a.m.27 views

CVE-2024-4390

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...

6.5CVSS0.00514EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/20 3:37 a.m.32 views

CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...

6.5CVSS0.00514EPSS
Exploits0References3
CVE
CVE
added 2024/06/20 3:37 a.m.58 views

CVE-2024-4390

CVE-2024-4390 affects Slider & Popup Builder by Depicter for WordPress. The root cause is Arbitrary Nonce Generation in versions up to 3.0.2, enabling authenticated attackers with contributor-level access to forge nonce for WordPress actions protected by nonce checks. The CVE is rated Medium (CVS...

6.5CVSS6.5AI score0.00514EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/06/19 5:16 p.m.7 views

WordPress Depicter plugin <= 3.0.2 - Authenticated Arbitrary Nonce Generation vulnerability

Authenticated Arbitrary Nonce Generation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Depicter Slider versions = 3.0.2...

6.5CVSS6.9AI score0.00514EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/25 12:0 a.m.23 views

Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)

The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

5.9CVSS7.7AI score0.05773EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/04/24 12:0 a.m.21 views

openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0111-1 advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack i...

5.9CVSS7.7AI score0.05773EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/04/15 8:15 p.m.70 views

CVE-2024-31497

In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...

5.9CVSS7AI score0.05773EPSS
Exploits0References22
Code423n4
Code423n4
added 2023/10/20 12:0 a.m.12 views

Deploying a Console to the Same Address Across Different Supported Chains Could Become Impossible

Lines of code Vulnerability details Impact In Brahma, Users can interact with SafeDeployer::deployConsoleAccount to deploy console accounts/wallets. To deploy the wallet to the same address across all supported chains, the user needs to interact with the deployConsoleAccount function on all chain...

7.1AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.49 views

K05405841: GCM nonce vulnerability CVE-2016-0270

Security Advisory Description IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce i...

5.9CVSS5.8AI score0.03099EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.7 views

SUSE CVE-2018-1312

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

5.9CVSS9.1AI score0.15885EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.4 views

SUSE CVE-2021-45451

In Mbed TLS before 3.1.0, psaaeadgeneratenonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...

7.5CVSS7.5AI score0.00923EPSS
Exploits0References3
OSV
OSV
added 2022/07/15 8:55 p.m.78 views

GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0

Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...

7.5CVSS7.4AI score0.0042EPSS
Exploits0References5
CVE
CVE
added 2022/07/15 5:15 p.m.79 views

CVE-2022-31157

CVE-2022-31157 concerns the packbackbooks/lti-1-3-php-library. Before version 5.0, the nonce generation function was not cryptographically strong, enabling potential predictability of tokens and forgery of tokens. Affected software is the LTI 1.3 Tool Library implemented in PHP; the issue is a cr...

7.5CVSS7.4AI score0.0042EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/07/15 12:0 a.m.6 views

LTI 1.3 Tool Library 安全特征问题漏洞

The LTI 1.3 Tool Library is a library of LTI 1.3 tool providers for building IMS certifications in PHP. A security feature issue vulnerability exists in versions of the LTI 1.3 Tool Library prior to 5.0, which stems from the LTI 1.3 Tool Library is a library used to build LTI 1.3 tool providers f...

7.5CVSS7.2AI score0.0042EPSS
Exploits0References2
NVD
NVD
added 2022/04/11 7:15 p.m.28 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

4CVSS0.00596EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/11 7:15 p.m.5 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

4CVSS5.8AI score0.00596EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/04/11 7:15 p.m.21 views

Design/Logic Flaw

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

4CVSS4.2AI score0.00596EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/04/11 6:12 p.m.24 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

3.3CVSS4.5AI score0.00596EPSS
Exploits0References2
OSV
OSV
added 2022/04/11 6:12 p.m.20 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...

3.3CVSS7AI score0.00596EPSS
Exploits0References4
Rows per page
Query Builder