
968 matches found

Tenable Nessus
added 2023/08/08 12:00 a.m. · 19 views

EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2023-2575)

According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as...

7.5 CVSS · 6.4 AI score · 0.01564 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2023/07/12 12:00 a.m. · 24 views

CentOS 8 : nodejs:18 (CESA-2023:4035)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4035 advisory. - A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitra...

8.6 CVSS · 6.8 AI score · 0.01564 EPSS
Exploits 1 · References 6

Vulnrichment
added 2023/07/07 12:00 a.m. · 11 views

CVE-2023-36993

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over accounts...

7 AI score · 0.00805 EPSS
Exploits 1 · References 1

CNNVD
added 2023/07/07 12:00 a.m. · 3 views

TravianZ Security Feature Issue Vulnerability

TravianZ is a free-to-play, in-browser, web-based strategy game from German company Travian. A security vulnerability exists in TravianZ versions 8.3.4 and 8.3.3, which stems from a cryptographically insecure random number generator used in the password reset function allowing an attacker to guess th...

9.8 CVSS · 8.4 AI score · 0.00805 EPSS
Exploits 1 · References 2

CVE
added 2023/07/07 12:00 a.m. · 47 views

CVE-2023-36993

The CVE concerns TravianZ 8.3.4 and 8.3.3 where the password reset function uses a cryptographically insecure random number generator. This root cause permits an attacker to guess password reset parameters and take over accounts. Public sources in connected documents corroborate the same affected...

9.8 CVSS · 9.4 AI score · 0.00805 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/06/09 12:00 a.m. · 11 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

6.7 AI score · 0.00327 EPSS
Exploits 0 · References 2

Cvelist
added 2023/06/09 12:00 a.m. · 15 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security (OAS) encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

5.7 AI score · 0.00327 EPSS
Exploits 0 · References 2

CNNVD
added 2023/06/09 12:00 a.m. · 10 views

Progress Software DataDirect Connect Security Feature Issue Vulnerability

Progress Software DataDirect Connect is a data connectivity solution from Progress Software, Inc. that can run in the cloud or locally. A security vulnerability previously existed in Progress Software DataDirect Connect version 08.02.2770, which arose when using Oracle Advanced Security (OAS)...

5.9 CVSS · 6.1 AI score · 0.00327 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/06/08 12:00 a.m. · 3 views

PT-2023-24839 · Progress · Progress Datadirect Connect For Odbc

Name of the Vulnerable Software and Affected Versions: Progress DataDirect Connect for ODBC versions prior to 08.02.2770 for Oracle. Description: An issue was discovered when using Oracle Advanced Security (OAS) encryption. If an error occurs while initializing the encryption object, the code falls...

5.9 CVSS · 7.1 AI score · 0.00327 EPSS
Exploits 0 · References 7

Prion
added 2023/05/25 10:15 p.m. · 17 views

Design/Logic Flaw

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output. Input from the random number generator i...

6.4 CVSS · 6.8 AI score · 0.00897 EPSS
Exploits 0 · References 5 · Affected Software 2

NVD
added 2023/05/25 9:15 a.m. · 24 views

CVE-2023-2884

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

9.8 CVSS · 9.6 AI score · 0.00692 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/05/23 2:54 a.m. · 1 views

SUSE CVE-2023-31147

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output. Input from the random number generator i...

5.9 CVSS · 6.9 AI score · 0.00897 EPSS
Exploits 0 · References 22

Code423n4
added 2023/05/11 12:00 a.m. · 10 views

Race condition vulnerability in positionManager minting function

Vulnerability details. Impact: A race condition vulnerability can result in the issuance of duplicate token IDs. When multiple transactions are executed in quick succession attempting to mint tokens, they may end up being assigned the same ID due to a shared counter or variable used to...

6.8 AI score
Exploits 0

ATTACKERKB
added 2023/03/22 11:00 p.m. · 3 views

CVE-2023-20107

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...

7.5 CVSS · 6.2 AI score · 0.00717 EPSS
Exploits 0 · References 2

Code423n4
added 2023/03/20 12:00 a.m. · 18 views

(Pseudo) Random Number Generator can be gamed, allowing a user to target desirable NFT traits

Vulnerability details. Impact: The iteratePRNG function in the Utils.sol library is used in Tray.sol:drawing, which is used to determine the tile data that a user gets when they purchase an NFT in Tray.sol:buy. An attacker can exploi...

6.9 AI score
Exploits 0

OpenVAS
added 2023/03/08 12:00 a.m. · 13 views

Debian: Security Advisory (DLA-600-1)

The remote host is missing an update for the Debian...

5.3 CVSS · 5.9 AI score · 0.03627 EPSS
Exploits 0 · References 3

Veracode
added 2023/03/04 9:38 p.m. · 14 views

Insecure Random Number Generator

lemur is vulnerable to an Insecure Random Number Generator. The vulnerability is in the get_psuedo_random_string function in utils.py and is caused by the use of the insecure random library, which can result in authentication bypass in multiple services. The random library was used to generate the...

1.9 AI score
Exploits 0

F5 Networks
added 2023/02/21 6:35 p.m. · 41 views

K09040132: libgcrypt vulnerability CVE-2016-6313

Security Advisory Description: The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits...

5.3 CVSS · 5.6 AI score · 0.03627 EPSS
Exploits 0

Tenable Nessus
added 2023/02/21 12:00 a.m. · 19 views

Mitsubishi Electric MELSEC iQ-F, iQ-R Series Predictable Seed in Pseudo-Random Number Generator (CVE-2022-40267)

Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

9.1 CVSS · 8.2 AI score · 0.01182 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:14 a.m. · 3 views

SUSE CVE-2006-5639

Unspecified vulnerability in the random number generator in OpenWBEM Web Based Enterprise Management 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."...

7.5 CVSS · 7.3 AI score · 0.01336 EPSS
Exploits 0 · References 4