Intel Quartus Prime Pro Security Feature Issue Vulnerability

Intel Quartus Prime Pro is a set of multi-platform design environments from the U.S. company Intel Intel. The product is primarily used for programming programmable logic devices. A security vulnerability exists in Intel Quartus Prime Pro Edition prior to version 22.4, which stems from the presen...

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

Authorization

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

CVE-2023-26451

CVE-2023-26451 concerns Open-Xchange AppSuite’s integrated oAuth Authorization Service, which used a weak randomness source to generate authorization tokens. This made authorization codes predictable to third parties, enabling interception of the client authorization process and potential account...

CVE-2023-26451

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...

PT-2023-20644 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to the integrated oAuth Authorization Service, where functions with insufficient randomness were used to generate authorization tokens. This made authorization codes...

Open-Xchange AppSuite Security Feature Issue Vulnerability

Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, and more. A security signature issue vulnerability exists in Open-Xchange AppSuite that stems from the integrated oAuth...

DEBIAN-CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness. If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value whe...

CVE-2023-3803

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. Th...

PT-2023-26256 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System

Name of the Vulnerable Software and Affected Versions: Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0 Description: A problematic vulnerability has been found in the Chengdu Flash Flood Disaster Monitoring and Warning System. This issue affects an unknown part of the file...

RHEL 8 : nodejs:16 (RHSA-2023:4034)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4034 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nodejs:16 (RHSA-2023:4033)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4033 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 7 : rh-nodejs14-nodejs (RHSA-2023:4039)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4039 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 8 : nodejs:18 (RHSA-2023:4035)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4035 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 9 : nodejs (RHSA-2023:4036)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4036 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

Important: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

c-ares: Insufficient randomness in generation of DNS query IDs

A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...

Important: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...