CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

968 matches found

Tenable Nessus•added 2021/10/20 12:0 a.m.•35 views

Debian DLA-2788-1 : strongswan - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2788 advisory. Researchers at the United States of America National Security Agency NSA identified a denial of services vulnerability in strongSwan, an IKE/IPsec suite. Once the in-memory...

7.5CVSS7.9AI score0.04804EPSS

Exploits0References5

Tenable Nessus•added 2021/10/19 12:0 a.m.•31 views

Ubuntu 18.04 LTS / 20.04 LTS : strongSwan vulnerabilities (USN-5111-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5111-1 advisory. It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSw...

7.5CVSS7.9AI score0.06438EPSS

Exploits0References3

The Hacker News•added 2021/10/12 7:57 a.m.•41 views

GitHub Revoked Insecure SSH Keys Generated by a Popular git Client

Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...

9.1CVSS0.1AI score0.02993EPSS

Exploits1

Prion•added 2021/10/11 5:15 p.m.•19 views

Path traversal

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

6.4CVSS9.3AI score0.02993EPSS

Exploits1References2Affected Software1

Github Security Blog•added 2021/10/11 5:9 p.m.•45 views

Insecure random number generation in keypair

Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...

9.1CVSS1.5AI score0.02993EPSS

Exploits1References6Affected Software1

OSV•added 2021/09/02 5:7 p.m.•16 views

GHSA-J85Q-WHC9-G4P9 Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG...

5.9CVSS5.7AI score0.01064EPSS

Exploits0References3

OSV•added 2021/09/01 6:35 p.m.•10 views

GHSA-HQ3V-RG6F-6HX4 Use of Insufficiently Random Values in yiisoft/yii2-dev

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

7.5CVSS7.4AI score0.01902EPSS

Exploits1References4

Github Security Blog•added 2021/09/01 6:35 p.m.•33 views

Use of Insufficiently Random Values in yiisoft/yii2-dev

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS7.3AI score0.01902EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2021/09/01 6:35 p.m.•37 views

Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS5.5AI score0.017EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2021/08/25 8:52 p.m.•18 views

Incorrect check on buffer length in rand_core

An issue was discovered in the randcore crate before 0.6.2 for Rust. Because readu32into and readu64into mishandle certain buffer-length checks, a random number generator may be seeded with too little data. The vulnerability was introduced in v0.6.0. The advisory doesn't apply to earlier minor...

9.8CVSS2.9AI score0.01243EPSS

Exploits0References6Affected Software1

BDU FSTEC•added 2021/08/25 12:0 a.m.•2 views

The vulnerability of the Eclipse TinyDTLS library, related to errors in the code for generating pseudo-random numbers, allows a hacker to disclose the protected information.

The vulnerability of the Eclipse TinyDTLS library is related to errors in the code of the pseudorandom number generator. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

7.8CVSS7.2AI score0.01045EPSS

Exploits1References3Affected Software1

OSV•added 2021/08/11 5:15 p.m.•2 views

CVE-2021-3047

A cryptographically weak pseudo-random number generator PRNG is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to...

3.1CVSS5.8AI score0.00452EPSS

Exploits0References1

OSV•added 2021/08/10 5:15 p.m.•16 views

CVE-2021-3692

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

5.3CVSS6.8AI score

Exploits0References2

Prion•added 2021/08/10 5:15 p.m.•16 views

Code injection

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

5CVSS5.2AI score0.017EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/08/10 3:36 p.m.•27 views

CVE-2021-3692 Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...

8.1CVSS5.6AI score0.017EPSS

Exploits1References2

CVE•added 2021/08/10 3:36 p.m.•76 views

CVE-2021-3692

CVE-2021-3692 affects yiisoft/yii2 (and related versions) with a vulnerability described as Use of Predictable Algorithm in Random Number Generator. Public sources consistently point to insecure RNG usage, notably the use of mt_rand() in code paths such as CaptchaAction.php, leading to predictabl...

8.1CVSS5.6AI score0.017EPSS

Exploits1References2Affected Software1