1235 matches found
CVE-2023-1732 Improper random reading in CIRCL
When sampling randomness for a shared secret, the implementations of Kyber and FrodoKEM did not check whether crypto/rand.Read returns an error. In rare deployment cases (an error thrown by the Read function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
CIRCL Security Vulnerability
CIRCL is an open source collection of cryptographic primitives written in Go by Cloudflare. CIRCL has a security vulnerability that stems from the fact that the tkn20 and blindrsa components do not check whether a user-supplied random source returns sufficient randomness...
PT-2023-6901 · Circl · Circl
Name of the Vulnerable Software and Affected Versions: CIRCL versions prior to 1.3.3 Description: The issue arises from insufficient input validation and lack of measures to neutralize instructions in dynamically executed code in the crypto/rand.Read function. This could lead to a predictable...
samba: GnuTLS gnutls_rnd() can fail and give predictable random values
A flaw was found in Samba. When the gnutls_rnd function is called, its return value is not verified, allowing it to give predictable random values when the call to the gnutls_rnd function fails...
Amazon Fire TV Stick Security Feature Issue Vulnerability
The Amazon Fire TV Stick is a television voice recognition remote control from Amazon.com, Inc. The Amazon Fire TV Stick suffers from a security signature issue vulnerability that stems from initializing random numbers to known values and incorrect JPAKE implementation that allows for brute force...
CVE-2023-2418
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. Exploitation is reported to be difficult. The...
PT-2023-19459 · Konga · Konga
Name of the Vulnerable Software and Affected Versions: Konga version 2.8.3 Description: A problem was found in the Login API component, leading to insufficiently random values. The complexity of an attack is rather high, and the exploitability is difficult. The issue has been disclosed to the...
PYSEC-2023-20
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur...
CVE-2023-30797
Netflix Lemur prior to version 1.3.2 is affected by insecure random number generation in default credential creation. The root cause is insufficiently random values used when generating default credentials, which may allow an attacker to guess credentials and access resources managed by Lemur. Ev...
Netflix Lemur Security Feature Issue Vulnerability
Netflix Lemur is Netflix's tool for managing TLS credential creation. A security vulnerability exists in Netflix Lemur versions prior to 1.3.2, which stems from an insufficiently randomized value used when generating default credentials, and which could be exploited by an attacker to guess...
Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Multiple Vulnerabilities (GHSA-h3c9-cmh8-7qpj, GHSA-ch7f-px7m-hg25, GHSA-5w64-6c42-rgcv, GHSA-7w2p-rp9m-9xp9)
Nextcloud Server is prone to multiple vulnerabilities.
TP-LINK TL-WR940N Security Feature Issue Vulnerability
The TP-LINK TL-WR940N is a wireless router from China P&L TP-LINK. The TP-Link TL-WR940N suffers from a Security Feature Issue vulnerability that stems from a lack of sufficient randomness in the serial number used for session management. An attacker could exploit the vulnerability to bypass...
CVE-2023-28835 Insecure randomness for default password in nextcloud
Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force...
PT-2023-2468 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.10 Nextcloud Server versions prior to 25.0.4 Description: The issue is related to the generated fallback password when creating a share in Nextcloud Server, which uses a weak complexity random number...
CVE-2022-43636
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6211111 3.20.1US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...
Authentication flaw
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6211111 3.20.1US routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by...
PT-2023-2102 · Abb · Abb Infinity Dc Power Plant +1
Name of the Vulnerable Software and Affected Versions: ABB Pulsar Plus System Controller NE843 S ABB Infinity DC Power Plant H5692448 G104 ABB Infinity DC Power Plant H5692448 G842 ABB Infinity DC Power Plant H5692448 G224L ABB Infinity DC Power Plant H5692448 G630-4 ABB Infinity DC Power Plant...
PT-2023-13713 · Comodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.8 Combodo iTop versions prior to 3.0.2-1 Description: Combodo iTop is an open source, web-based IT service management platform. The reset password token is generated without any randomness parameter, which m...