87 matches found
Generation of Predictable Numbers or Identifiers
Overview: Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the websocket component due to using a fixed 32-bit mask that persisted and was used throughout the entire connection instead of updating it for each new outgoing frame as the...
CVE-2025-42925 Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time,...
CVE-2025-42925
The CVE-2025-42925 entry describes a vulnerability in SAP NetWeaver AS JAVA IIOP service caused by insufficient randomness when assigning Object Identifiers, enabling an authenticated lower-privileged actor to brute-force and predict identifiers to access limited system information. Affected comp...
SAP NetWeaver AS Java Security Vulnerability
SAP NetWeaver AS Java is a platform system from SAP, a German company. A security vulnerability exists in SAP NetWeaver AS Java that stems from a lack of randomness and could lead to predictable identifiers...
Linux Distros Unpatched Vulnerability : CVE-2025-40924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a usually SHA-1 hash of a simple...
CVE-2024-28957
A generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere with communications by predicting some packet header IDs of the device...
CVE-2025-22608 Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS)
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization allows any authenticated user to revoke any team invitations on a Coolify instance by only providing a predictable and incrementing ID,...
Mars: unauthorized access and add user and change personal information all users
The report describes a vulnerability in the ██████████ website, where unauthorized access to an API endpoint allowed attackers to add new users and modify personal information of existing users. The vulnerability was classified as Improper Access Control. The issue stemmed from the absence of...
GO-2022-0912 Predictable SIF UUID Identifiers in github.com/sylabs/sif
Predictable SIF UUID Identifiers in github.com/sylabs/sif...
CVE-2024-28957
The CVE-2024-28957 vulnerability affects Cente middleware TCP/IP Network Series devices. It is a predictable-IDs issue (CWE-340) where an attacker, remotely and without authentication, could disrupt or interfere with communications by guessing packet header IDs. The Red Hat advisory and NVD records de...
PT-2024-22643 · Unknown · Cente Middleware Tcp/Ip Network Series
Name of the Vulnerable Software and Affected Versions: Cente middleware TCP/IP Network Series affected versions not specified Description: A generation of predictable identifiers issue exists in the Cente middleware TCP/IP Network Series. If this issue is exploited, a remote unauthenticated...
SteVe Security Vulnerabilities
SteVe is an open platform open-sourced by the SteVe Community. It is used to implement, test and evaluate novel ideas for electric vehicles, such as authentication protocols, charging point reservation mechanisms and business models for electric vehicles. A security vulnerability exists in SteVe...
go.uuid has Predictable UUID Identifiers
CVE Description for go.uuid A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Updat...
CVE-2022-26317
A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...
PT-2021-21327 · Emuse · Emuse
Name of the Vulnerable Software and Affected Versions: Emuse - eServices / eNvoice affected versions not specified Description: The issue concerns the exposure of private personal information due to a lack of identification mechanisms and predictable IDs. An attacker can exploit this to scrape al...
Solarwinds Orion Platform Security Vulnerability
Solarwinds Orion Platform is a network fault and network performance management platform from Solarwinds, Inc. The platform provides real-time monitoring and analysis of network devices, and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network, etc....
CVE-2021-3538
A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...