Synology DiskStation Manager Security Feature Issue Vulnerability
Synology DiskStation Manager (DSM) is an operating system for use on network storage servers (NAS) from Synology, a Chinese company. This operating system manages information such as data, files, photos, music, and more. A security feature issue vulnerability exists in Synology DiskStation Manager...
PT-2023-21053 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 7.2-64561. Description: The issue concerns the use of insufficiently random values in the User Management Functionality, allowing remote attackers to obtain user credentials via unspecified...
GHSA-3W3W-PXMM-2W2J crypto-js uses insecure random numbers
The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Node.js Security Feature Issue Vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings, but using integers, which makes the output predictable...
SUSE: Security Advisory (SUSE-SU-2023:2477-1)
The remote host is missing an update for the...
OESA-2023-1340 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to...
OESA-2023-1339 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to...
SUSE-SU-2023:2477-1 Security update for libcares2
This update for libcares2 fixes the following issues: - CVE-2023-32067: Fixed a denial of service that could be triggered by a 0-byte UDP payload (bsc#1211604). - CVE-2023-31147: Fixed an insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-31130: Fixed a buffer underflow wh...
WordPress Plugin uListing Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Plugin uListing Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin uListing suffers from a...
Important: c-ares
Issue Overview: A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. CVE-2022-49...
WordPress Plugin Frontend File Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-32549
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator...
OESA-2023-1313 c-ares security update
This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple Security Fixes: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a...
SUSE: Security Advisory (SUSE-SU-2023:2313-1)
The remote host is missing an update for the...
SUSE-SU-2023:2313-1 Security update for c-ares
This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton bsc12116...
PT-2023-3037 · Honeywell · Honeywell Onewireless
Name of the Vulnerable Software and Affected Versions: Honeywell OneWireless version 322.1. Description: The issue is related to the use of insufficiently random values in Honeywell OneWireless, which may allow a remote attacker to manipulate claims in a client's JWT token, potentially gaining...
Honeywell OneWireless Security Feature Issue Vulnerability
Honeywell OneWireless is an industrial wireless mesh network from Honeywell that can simultaneously support ISA100 Wireless (IEC 62734), WirelessHART (IEC 62591) field instruments (transmitters, actuators, etc.), Wi-Fi devices and Ethernet/IP-based devices. A security vulnerability exists in Honeywell...
Insufficient randomness in generation of DNS query IDs in c-ares
...
AZL-26869 CVE-2023-31147 affecting package c-ares for versions less than 1.19.1-1
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator i...