kernel: ELF: fix kernel.randomize_va_space double read

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

UBUNTU-CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomizevaspace double read ELF loader uses "randomizevaspace" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly on...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from kernel.randomizevaspace double read...

CVE-2023-52204

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3...

CVE-2023-52204

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3...

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3...

CVE-2023-52204 WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3...

CVE-2023-52204

CVE-2023-52204 concerns the WordPress plugin Randomize (versions

CVE-2023-52204 WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3...

WordPress Plugin Randomize SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Randomize suffers...

WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection

Software Randomize Type Plugin Vulnerable versions = 1.4.3 Fixed in N/A OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-52204 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 05d6b2da1650 Credits Ngô Thiên An ancorn from VNPT-VCI Required privilege...

VMWare Aria Operations for Networks (vRealize Network Insight) SSH Private Key Exposure

VMWare Aria Operations for Networks vRealize Network Insight versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" root user. Module Options msf...

SUSE CVE-2020-23273

Heap-buffer overflow in the randomizeiparp function in editpacket.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service DOS via a crafted pcap...

Fedora 37 : kernel (2023-4006357f7e)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4006357f7e advisory. The 6.1.9 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

PT-2022-22110 · Totd · Totd

Name of the Vulnerable Software and Affected Versions: totd version 1.5.3 Description: The issue allows DNS cache poisoning due to the use of a fixed UDP source port in upstream queries sent to DNS resolvers, resulting in insufficient entropy to prevent traffic injection attacks. Recommendations:...

CVE-2022-34295

totd before 1.5.3 does not properly randomize mesg IDs...

Code injection

totd before 1.5.3 does not properly randomize mesg IDs...

CVE-2022-34295

CVE-2022-34295 affects totd, a DNS proxy nameserver by F.W. Dillema. The flaw stems from improper randomization of message IDs in versions prior to 1.5.3. The impact is exposure of how messages are matched/handled due to weak ID randomness, with the CVSS metrics indicating moderate severity (CVSS...

The vulnerability of the randomize_iparp function in the edit_packet.c component of the editing and replaying utility Pcap Tcpreplay allows a hacker to cause a service failure.

The vulnerability of the randomizeiparp function in the editpacket.c component of the Pcap editing and replay utility Tcpreplay is related to writing beyond buffer boundaries. Exploiting this vulnerability allows a malicious actor to cause service interruptions using a specially created pcap file...

kconfig-hardened-check-master

This is a tool for checking Linux kernel Kconfig option lists against security hardening preferences. The tool is called "kconfig-hardened-check" and is written in Python. It is designed to help users ensure that their Linux systems are properly secured by checking the kernel configuration agains...