832 matches found
Net::NSCA::Client 安全漏洞
Net::NSCA::Client is a Perl library developed by DOUGDUDE’s individual developer. Versions of Net::NSCA::Client 0.009002 and earlier contain security vulnerabilities, which stem from the use of insecure random number generators. This could lead to the prediction of session IDs...
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the use of a predictable algorithm for generating device lock and wipe PINs based solely on the current Unix timestamp. An attacker can gain unauthorized access to...
CVE-2026-23999
CVE-2026-23999 affects Fleet open source device management before version 4.80.1. The vulnerability stems from a predictable 6‑digit PIN (device lock/wipe) derived from the current Unix timestamp without secret entropy, allowing an attacker with physical access and knowledge of approximate lock t...
Predicting Known Vulnerabilities from Attack Descriptions Using Sentence Transformers
Modern infrastructures rely on software systems that remain vulnerable to cyberattacks. These attacks frequently exploit vulnerabilities documented in repositories such as MITRE's Common Vulnerabilities and Exposures CVE. However, Cyber Threat Intelligence resources, including MITRE ATT&CK and CV...
Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)
Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...
Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)
IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...
CVE-2020-37104 ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database...
H.265/HEVC Video Steganalysis Based on CU Block Structure Gradients and IPM Mapping
Existing H.265/HEVC video steganalysis research mainly focuses on statistical feature modeling at the levels of motion vectors MV, intra prediction modes IPM, or transform coefficients. In contrast, studies targeting the coding-structure level - especially the analysis of block-level steganograph...
Cascaded Vulnerability Attacks in Software Supply Chains
Most of the current software security analysis tools assess vulnerabilities in isolation. However, sophisticated software supply chain security threats often stem from cascaded vulnerability and security weakness chains that span dependent components. Moreover, although the adoption of Software...
MiracleLinux 4 : gcc-4.4.7-18.2.0.1.AXS4 (AXBA:2018-3035:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXBA:2018-3035:03 advisory. - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001661 advisory. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with loca...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003117)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003117 advisory. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with loca...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002631)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002631 advisory. Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with loca...
ALFA: A Safe-By-Design Approach to Mitigate Quishing Attacks Launched Via Fancy QR Codes
Phishing with Quick Response QR codes is termed as Quishing. The attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we see the colorful and fancy representations of QR codes, the 2D matrix of QR codes which does not reflect a typical mixture ...
CVE-2009-4326
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature DPF is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...
CVE-2022-37459
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue...
CVE-2019-2317
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
CVE-2019-11690
genranduuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIGRANDOMUUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...
Salesforce Uni2TS 安全漏洞
Salesforce Uni2TS is a temporal prediction Python library from Salesforce USA. A security vulnerability exists in Salesforce Uni2TS 1.2.0 and prior versions, which stems from improper code generation controls and could lead to the exploitation of executable code in a non-executable file...
CVE-2022-27577
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise servic...