1235 matches found
Low: c-ares
Issue Overview: When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 Android. This will downgrade to using rand() as a fallback, which could allow an attacker to take advantage of the lack of entropy by not using a...
Insufficient Randomness
github.com/cubefs/cubefs is vulnerable to use of insufficiently random strings. The vulnerability is due to the creation of the accessKey, which is insufficiently random. This allows an attacker to predict and/or guess the generated string and impersonate a user, thereby obtaining higher privileges...
CVE-2023-32831
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868...
PT-2024-12342 · Unknown · Wlan Driver
Name of the Vulnerable Software and Affected Versions: WLAN driver (affected versions not specified). Description: In the wlan driver, there is a possible PIN crack due to the use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. Us...
PT-2024-5263 · Qualcomm · Qualcomm Embedded Platform
Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software (affected versions not specified). Description: The issue is related to information disclosure when Address Space Layout Randomization (ASLR) relocates certain portions in virtual address space as one chunk...
PT-2023-12620 · Sympa +1 · Sympa +1
Name of the Vulnerable Software and Affected Versions: Sympa versions prior to 6.2.62. Description: The issue relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a sa...
Exploit for Uncontrolled Search Path Element in Dieboldnixdorf Vynamic_View
Exploit Title: DLL Hijacking in Diebold Nixdorf Vynamic View C...
CLSA-2023-1699907901 Fix CVE(s): CVE-2023-3247
SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.0-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest...
CLSA-2023-1699907419 Fix CVE(s): CVE-2023-3247
SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.1-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest - CVE-2023-3247...
ALSA-2023:6635 Moderate: c-ares security, bug fix, and enhancement update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in config_sortlist() due to missing string length check...
Moderate: c-ares security, bug fix, and enhancement update
The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. The following packages have been upgraded to a later upstream version: c-ares 1.19.1. BZ2210370 Security Fixes: c-ares: buffer overflow in config_sortlist() due to missing string length check...
Rocky Linux 8 : nodejs:18 (RLSA-2022:7821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7821 advisory. - A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in...
GO-2023-2119 Proof forgery due to insufficient randomness in github.com/consensys/gnark
A third party may derive a valid proof from a valid initial tuple proof, public_inputs, corresponding to the same public inputs as the initial proof. This vulnerability is due to randomness being generated using a small part of the scratch memory describing the state, allowing for degrees of...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak...
GHSA-7P92-X423-VWJ6 Plonk verifier KZG multi point verification
Impact: The vulnerability allows a third party to derive a valid proof from a valid initial tuple proof, public_inputs, corresponding to the same public inputs as the initial proof. It is due to randomness being generated using a small part of the scratch memory describing the state, allowing for...
CVE-2020-27635
In PicoTCP 1.7.0, TCP ISNs are improperly random...
CVE-2020-27213
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...
CVE-2020-27630
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random...