326 matches found
CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-43485
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
Design/Logic Flaw
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...
CVE-2022-43485
CVE-2022-43485 affects Honeywell OneWireless WDM 322.1, due to use of insufficiently random values for signing tokens, potentially allowing attacker to manipulate client JWT claims. Remediation: upgrade to OneWireless 322.2 (as per Honeywell/ICS guidance). Several sources (Red Hat, PRION, CNNVD, ...
CVE-2023-2884
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
Design/Logic Flaw
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2884 Insecure Randomness in CBOT's Chatbot
Use of Cryptographically Weak Pseudo-Random Number Generator PRNG, Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
Use of Insufficiently Random Values
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Oracle Linux 8 : samba (ELSA-2023-2987)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2987 advisory. - In Samba, GnuTLS gnutlsrnd can fail and give predictable random values. CVE-2022-1615 Note that Nessus has not tested for this issue but has instead relied on...
Low: Red Hat Security Advisory: samba security, bug fix, and enhancement update
An update for evolution-mapi, openchange, and samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Oracle Linux 9 : skopeo (ELSA-2023-2283)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2283 advisory. 2:1.11.2-0.1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 https://github.com/containers/skopeo/commit/3f987...
Oracle Linux 9 : buildah (ELSA-2023-2253)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2253 advisory. - fix CVE-2022-2990 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...
CVE-2023-2418
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
Design/Logic Flaw
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
CVE-2023-2418 Konga Login API random values
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...
CVE-2023-2418
CVE-2023-2418 affects Konga version 2.8.3 running on Kong. The issue is in the Login API component, where handling leads to insufficiently random values. The documented attack complexity is high and exploitability is difficult, with multiple sources indicating the vulnerability could be exploited...
KONGA 安全特征问题漏洞
KONGA is a full-featured, open source, multi-user GUI from the Dutch individual developer Panagis Tselentis. A security feature issue vulnerability exists in KONGA version 2.8.3, which stems from insufficient random values...
Duplicate Advisory: Lemur subject to insecure random generation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references. Original Description Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The...
GHSA-R4XG-4WRV-W72H Duplicate Advisory: Lemur subject to insecure random generation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5fqv-mpj8-h7gm. This link is maintained to preserve external references. Original Description Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The...
CVE-2023-30797
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...