80 matches found
WinSCP < 6.3.3 Key Recovery Attack Vulnerability
The version of WinSCP installed on the remote Windows host is prior to 6.3.3. It is, therefore, affected by a key recovery attack vulnerability. In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...
CVE-2024-4390
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...
CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...
CVE-2024-4390
CVE-2024-4390 affects Slider & Popup Builder by Depicter for WordPress. The root cause is Arbitrary Nonce Generation in versions up to 3.0.2, enabling authenticated attackers with contributor-level access to forge nonce for WordPress actions protected by nonce checks. The CVE is rated Medium (CVS...
WordPress Depicter plugin <= 3.0.2 - Authenticated Arbitrary Nonce Generation vulnerability
Authenticated Arbitrary Nonce Generation vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Depicter Slider versions = 3.0.2...
Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
openSUSE 15 Security Update : putty (openSUSE-SU-2024:0111-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0111-1 advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack i...
CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant...
Deploying a Console to the Same Address Across Different Supported Chains Could Become Impossible
Lines of code Vulnerability details Impact In Brahma, Users can interact with SafeDeployer::deployConsoleAccount to deploy console accounts/wallets. To deploy the wallet to the same address across all supported chains, the user needs to interact with the deployConsoleAccount function on all chain...
K05405841: GCM nonce vulnerability CVE-2016-0270
Security Advisory Description IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce i...
SUSE CVE-2018-1312
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...
SUSE CVE-2021-45451
In Mbed TLS before 3.1.0, psaaeadgeneratenonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...
GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...
CVE-2022-31157
CVE-2022-31157 concerns the packbackbooks/lti-1-3-php-library. Before version 5.0, the nonce generation function was not cryptographically strong, enabling potential predictability of tokens and forgery of tokens. Affected software is the LTI 1.3 Tool Library implemented in PHP; the issue is a cr...
LTI 1.3 Tool Library 安全特征问题漏洞
The LTI 1.3 Tool Library is a library of LTI 1.3 tool providers for building IMS certifications in PHP. A security feature issue vulnerability exists in versions of the LTI 1.3 Tool Library prior to 5.0, which stems from the LTI 1.3 Tool Library is a library used to build LTI 1.3 tool providers f...
CVE-2022-29035
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...
CVE-2022-29035
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...
Design/Logic Flaw
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...
CVE-2022-29035
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...
CVE-2022-29035
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations...