K43404365: BIG-IP APM logs may contain random data after the APM session ID

Security Advisory Description The BIG-IP APM system may log random data after the APM session ID in the /var/log/apm logs. An additional 24 bytes of random information may be logged after the APM session ID. This issue occurs when the following condition is met: You use the ACCESS::log command in...

The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. This allows attackers to gain unauthorized access to protected information.

The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by sending...

GO-2022-0244 Insufficient randomness in UUIDs in github.com/satori/go.uuid

Random data used to create UUIDs can contain zeros, resulting in predictable UUIDs and possible collisions...

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

What is fuzz testing? What is it used to test for?

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information FUZZ into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or...

WordPress 信息泄露漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress suffers from an information disclosure vulnerability that stems from the fact that the...

AB32VG1 安全漏洞

The AB32VG1 is a chip from ZTE Bluetooth. A security vulnerability exists in the AB32VG1, which stems from the Bluetooth Classic implementation on the AB32VG1 device not properly handling the reception of successive unsolicited LMP responses, allowing an attacker within radio range to trigger a...

SUSE: Security Advisory (SUSE-SU-2021:2760-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2021:2760-1 Security update for c-ares

This update for c-ares fixes the following issues: Version update to git snapshot 1.17.1+20200724: - CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers bsc1188881 - If aresgetaddrinfo was terminated by an aresdestroy, it would cause crash - Crash in sortaddrinfo if...

Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

CVE-2020-12858

The CVE-2020-12858 entry concerns the COVIDSafe Android app, where non-reinitialisation of random data in the advertising payload in versions v1.0.15 and v1.0.16 allows a remote attacker to re-identify devices by scanning advertising beacons. Affected component: COVIDSafe app’s advertising beacon...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2015-8851

CVE-2015-8851 affects node-uuid before 1.4.4. The root cause is insufficient randomness in GUID generation (use of Math.random instead of a cryptographically secure source), which could enable attackers to guess GUIDs with unspecified impact. Affected: node-uuid (pre-1.4.4). Impact and exploitabi...

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

CVE-2018-11785

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query...

Security Bulletin: Vulnerabilities in GSKit affect IBM SPSS Modeler (CVE-2015-0159, CVE-2015-0138, CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM SPSS Modeler. The GSKit that is shipped with IBM SPSS Modeler contains multiple security vulnerabilities including the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. IBM SPSS Modeler has addressed the...

Security Bulletin: Vulnerabilities in GSKit affect IBM WebSphere MQ (CVE-2015-0159, CVE-2015-0138 and CVE-2014-6221)

Summary GSKit is an IBM component that is used by IBM WebSphere MQ. The GSKit that is shipped with IBM WebSphere MQ contains multiple security vulnerabilities including the "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. Vulnerability Details CVEID:...

Cisco Jabber for Windows Information Disclosure Vulnerability (CNVD-2017-36124)

Cisco Jabber for Windows is the United States Cisco Cisco company's set of unified communications client solutions for the Windows platform. The program provides online status display, instant messaging, voice and other functions. An information disclosure vulnerability exists in Cisco Jabber for...

CVE-2017-12361

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber...