CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1235 matches found

OSV•added 2022/09/21 9:25 a.m.•1 views

USN-5622-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...

8.2CVSS6.8AI score0.05077EPSS

Exploits3References7

Positive Technologies•added 2022/09/20 12:0 a.m.•2 views

PT-2022-24817 · Unknown · Js Compute Runtime

Name of the Vulnerable Software and Affected Versions: JS Compute Runtime versions prior to 0.5.3 Description: The Math.random and crypto.getRandomValues methods fail to use sufficiently random values, making the sequence of random values predictable. An attacker can use the fixed seed to predict...

7.5CVSS7.5AI score0.00097EPSS

Exploits0References6

CNNVD•added 2022/09/20 12:0 a.m.•1 views

js-compute-runtime 安全漏洞

js-compute-runtime is a Fastly Compute@Edge JavaScript runtime open-sourced by Fastly. A security vulnerability exists in js-compute-runtime versions 0.4.0 through 0.5.3, which stems from the failure of the Math.random and crypto.getRandomValues methods to use sufficient random values...

7.5CVSS7.2AI score0.00097EPSS

Exploits0References3

Node JS Blog•added 2022/09/15 12:0 a.m.•42 views

September 23rd 2022 Security Releases

September 23rd 2022 Security Releases Update 26-September-2022 Security releases available Recommendation update regarding CVE-2022-35255: Roll-out and re-issue all keys generated with WebCrypto.subtle.generateKey. Re-evaluate the confidentiality of data encrypted with those keys. Update...

9.1CVSS8AI score0.86472EPSS

Exploits5

OSV•added 2022/09/09 11:4 a.m.•1 views

OESA-2022-1905 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: In Samba, GnuTLS gnutlsrnd can fail and give predictable random values.CVE-2022-1615...

5.5CVSS6.9AI score0.00259EPSS

Exploits1References2

Hacker One•added 2022/09/02 7:3 p.m.•97 views

Node.js: Weak randomness in WebCrypto keygen

https://github.com/nodejs/node/pull/35093 introduced a call to EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1. It does not check the return value, it assumes EntropySource always succeeds, but it can and sometimes will fail. 2. The...

6.4CVSS9.2AI score0.01213EPSS

Exploits1

OSV•added 2022/09/01 9:15 p.m.•1 views

ALPINE-CVE-2022-1615

In Samba, GnuTLS gnutlsrnd can fail and give predictable random values...

5.5CVSS7AI score0.00259EPSS

Exploits1References1

OSV•added 2022/09/01 9:15 p.m.•1 views

DEBIAN-CVE-2022-1615

In Samba, GnuTLS gnutlsrnd can fail and give predictable random values...

5.5CVSS6.1AI score0.00259EPSS

Exploits1References1

ATTACKERKB•added 2022/09/01 9:15 p.m.•3 views

CVE-2022-1615

In Samba, GnuTLS gnutlsrnd can fail and give predictable random values...

5.5CVSS6.4AI score0.00259EPSS

Exploits1References6

Snyk•added 2022/07/28 5:24 p.m.•1 views

Information Exposure

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Information Exposure. Go Vulnerability Report: An attacker can correlate a resumed TLS session with a previous connection.Session tickets generated by crypto/tls do not...

3.7CVSS9.2AI score0.00074EPSS

Exploits1References3

OSV•added 2022/07/26 12:1 a.m.•18 views

GHSA-6X93-H9G3-9PHR otp-generator before v3.0.0 insecurely generates random one-time passwords