Use of Insufficiently Random Values in undici
Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150
Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...
CVE-2025-22150 Undici Uses Insufficiently Random Values
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2023-2729)
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager DSM before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2018-13280)
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-7659
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-42165 Arbitrary User Activation
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2024-42163 Password Manipulation
Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generate_random_string of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-7659
CVE-2024-7659 (projectsend) affects the Password Reset Token Handler: the function generate_random_string in includes/functions.php produces insufficiently random values. This can be exploited remotely, affecting projectsend up to version r1605. The issue is addressed by upgrading to version r17...
Unspecified vulnerability in Linux kernel (CNVD-2024-35101)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the bpf module in the BPF_CORE_READ_BITFIELD macro, where the variable val may be uninitialized. This could...
UBUNTU-CVE-2024-42161
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Changes from V1: - Use a default branch in the switch statement to initialize `val'. GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in...
Dahua Security Cameras Use of Insufficiently Random Values (CVE-2020-9502)
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-200 SMART Devices Use of Insufficiently Random Values (CVE-2024-35292)
Affected devices are using a predictable IP ID sequence number. This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial-of-service condition. This...
CVE-2024-21460 Use of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space...