1235 matches found
CVE-2021-28099
The provided connected documents confirm CVE-2021-28099 affects Netflix OSS Hollow. The vulnerability arises because Hollow calls Files.exists(parent) before creating directories, enabling an attacker who can create directories to pre-create the target directory with wide permissions. Additionall...
CVE-2021-28099
In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...
PT-2021-17743 · Netflix · Netflix Oss Hollow
Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow (affected versions not specified). Description: The issue allows an attacker to pre-create directories with wide permissions since the Files.exists(parent) check is performed before creating the directories. Furthermore, the use...
Vulnerabilities fixed in NetBSD
The developers of NetBSD have fixed a number of vulnerabilities in NetBSD's IP stack. Because packet IDs are not randomly generated by default, a malicious party can predict the IP traffic, allowing the malicious party to launch a man-in-the-middle attack to obtain...
PT-2021-2228 · Oryx · Cyclonetcp
Name of the Vulnerable Software and Affected Versions: Oryx CycloneTCP version 1.9.6. Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the CycloneTCP stack implementation. This could allow a remote attacker to gain unauthorized access to protecte...
PT-2021-2230 · Fnet · Fnet
Name of the Vulnerable Software and Affected Versions: FNET version 4.6.3. Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the FNET protocol stack implementation. This could allow a remote attacker to gain unauthorized access to protected...
PT-2021-2231 · Contiki · Contiki
Name of the Vulnerable Software and Affected Versions: Contiki version 4.5. Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the Contiki OS uIP protocol stack implementation. This could allow a remote attacker to gain unauthorized access to...
PT-2021-2232 · Picotcp · Picotcp
Name of the Vulnerable Software and Affected Versions: PicoTCP version 1.7.0. Description: The issue is related to the improper randomness of TCP Initial Sequence Numbers (ISNs) in the PicoTCP stack implementation. This could potentially allow a remote attacker to gain unauthorized access to protect...
CVE-2021-23127 [20210301] - Core - Insecure randomness within 2FA secret generation
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes...
PT-2021-2223 · Unknown · Ethernut Nut/Os
Name of the Vulnerable Software and Affected Versions: Ethernut Nut/OS version 5.1. Description: An issue was discovered in the code that generates Initial Sequence Numbers (ISNs) for TCP connections, deriving the ISN from an insufficiently random source. This allows an attacker to determine the ISN...
Open Source Matters Joomla Security Feature Issue Vulnerability
Joomla is an open-source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S. Open Source Matters team. Joomla suffers from a cryptographic issue vulnerability that stems from not using the secure rand function during the generation of 2FA keys. No...
Rust Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Rust has a memory corruption vulnerability in versions prior to 0.2.3. The vulnerability stems from the program's implied randomness to arrays, so that uninitialized memory may be discarded in the event of an...
kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE)
Summary: There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE). These vulnerabilities have been fixed in GDE 4.0.0.4. Please apply the latest version for the fixes. Vulnerability Details: CVEID: CVE-2017-7957 DESCRIPTION: XStream is vulnerable to a denial of service,...
[20210301] - Core - Insecure randomness within 2FA secret generation
Usage of the insecure rand function within the process of generating the 2FA secret. Usage of an insufficient length for the 2FA secret according to RFC 4226 of 10 bytes vs 20 bytes...
CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
CVE-2020-15023
Askey AP5100W devices through AP5100WDualSIG1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted and even failed WPS authentication attempt, it is possible to brute...