
1235 matches found

Debian CVE
added 2024/08/27 6:44 p.m. · 7 views

CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n, where n is the order of the elliptic curve, meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.9 · AI score 5.3 · EPSS 0.00153
Exploits: 0
CNNVD
added 2024/08/27 12:00 a.m. · 2 views

wolfSSL Security Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library from the US company wolfSSL, aimed at embedded systems developers. A security vulnerability exists in wolfSSL prior to version 5.7.2, which stems from the use of insufficiently random numbers when generating...

CVSS 4.9 · AI score 6.7 · EPSS 0.00153
Exploits: 0 · References: 3
CNNVD
added 2024/08/12 12:00 a.m. · 1 view

FIWARE Keyrock Security Vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

CVSS 6.3 · AI score 6.8 · EPSS 0.00124
Exploits: 1 · References: 2
Positive Technologies
added 2024/08/12 12:00 a.m. · 2 views

PT-2024-29780 · Fiware · Fiware Keyrock

Name of the Vulnerable Software and Affected Versions: FIWARE Keyrock versions = 8.4
Description: The issue is related to insufficiently random values for generating password reset tokens, allowing attackers to take over the account of any user by predicting the token for the password reset link...

CVSS 8.3 · AI score 7.2 · EPSS 0.00082
Exploits: 1 · References: 10
Positive Technologies
added 2024/08/12 12:00 a.m. · 2 views

PT-2024-29781 · Fiware · Fiware Keyrock

Name of the Vulnerable Software and Affected Versions: FIWARE Keyrock versions = 8.4
Description: The issue is related to insufficiently random values used for generating password reset tokens, allowing attackers to predict the token and disable two-factor authorization for any user. This makes i...

CVSS 4.3 · AI score 7.2 · EPSS 0.00107
Exploits: 1 · References: 6
OSV
added 2024/08/07 11:15 p.m. · 0 views

CVE-2024-6890

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the password reset and change the administrator password...

CVSS 8.8 · AI score 5.8 · EPSS 0.00114
Exploits: 3 · References: 2
CVE
added 2024/08/07 11:09 p.m. · 50 views

CVE-2024-6890

Journyx (jtime) 11.5.4 on GNU/Linux is affected by an insecure source of randomness used to generate password reset tokens, enabling an unauthenticated attacker who knows a username to brute-force the reset and change the administrator password. Technical details describe token creation flaws and...

CVSS 9.8 · AI score 6.8 · EPSS 0.00114
Exploits: 3 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/08/07 12:00 a.m. · 2 views

PT-2024-37931 · Journyx · Journyx

Name of the Vulnerable Software and Affected Versions: Journyx affected versions not specified
Description: The issue arises from the generation of password reset tokens using an insecure source of randomness. This allows attackers who are aware of the username of the Journyx installation user to...

CVSS 9.8 · AI score 7 · EPSS 0.00114
Exploits: 3 · References: 5
RedHat Linux
added 2024/07/09 10:02 a.m. · 2 views

edk2: Use of a Weak PseudoRandom Number Generator

A security flaw has been identified in the cryptographic system of EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized remote attacker to potentially expose sensitive information...

CVSS 7.5 · AI score 7.3 · EPSS 0.0041
Exploits: 0 · References: 6
Microsoft CVE
added 2024/06/30 2:00 p.m. · 2 views

Insufficient randomness in github.com/Masterminds/goutils

...

CVSS 9.1 · AI score 7.3 · EPSS 0.00336
Exploits: 1
Cvelist
added 2024/06/15 3:35 a.m. · 19 views

CVE-2024-5868 WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · EPSS 0.00128
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/15 3:35 a.m. · 20 views

CVE-2024-5868 WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · AI score 6.9 · EPSS 0.00128
Exploits: 0 · References: 2
CNNVD
added 2024/06/15 12:00 a.m. · 2 views

WordPress Plugin WooCommerce-Social Login Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

CVSS 6.5 · AI score 6.9 · EPSS 0.00128
Exploits: 0 · References: 3
Cvelist
added 2024/06/05 4:32 a.m. · 20 views

CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · AI score 5.5 · EPSS 0.00359
Exploits: 0 · References: 3
Vulnrichment
added 2024/06/05 4:32 a.m. · 16 views

CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · AI score 7.1 · EPSS 0.00359
Exploits: 0 · References: 2
Patchstack
added 2024/06/05 2:57 a.m. · 4 views

WordPress BuddyForms plugin <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness vulnerability

Email Verification Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin BuddyForms versions <= 2.8.9...

CVSS 6.5 · AI score 7 · EPSS 0.00359
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2024/06/02 2:15 p.m. · 0 views

CVE-2024-36389

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...

CVSS 9.8 · AI score 5.8 · EPSS 0.00093
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/29 12:00 a.m. · 2 views

PT-2024-40424 · Stormpath · Stormpath-Sdk-Php

Name of the Vulnerable Software and Affected Versions: stormpath-sdk-php affected versions not specified
Description: The issue is related to the use of an insecure random number generator (RNG) in the generation of UUID version 4 within the codebase.
Recommendations: At the moment, there is no...

CVSS 5.3 · AI score 6.8
Exploits: 0 · References: 6
OSV
added 2024/05/23 5:34 p.m. · 2 views

CLSA-2024-1716485695 php: Fix of 2 CVEs

- CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax
- CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...

CVSS 6.2 · AI score 6.6 · EPSS 0.00316
Exploits: 0 · References: 1
OSV
added 2024/05/23 5:32 p.m. · 4 views

CLSA-2024-1716485568 php: Fix of 2 CVEs

- CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax
- CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...

CVSS 6.2 · AI score 6.6 · EPSS 0.00316
Exploits: 0 · References: 1