239 matches found
PT-2024-22210
Name of the Vulnerable Software and Affected Versions NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...
PT-2024-20913 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread versions through 5.0.2 Description: The issue is related to a weak random number generation algorithm used in RT-Thread. The algorithm, defined as seed = 214013L seed + 2531011L; return seed 16 & 0x7FFF;, is implemented in the calc...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...
CVE-2023-32831
In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868...
Exploit for Uncontrolled Search Path Element in Dieboldnixdorf Vynamic_View
Exploit Title: DLL Hijacking in Diebold Nixdorf Vynamic View C...
Rocky Linux 8 : nodejs:18 (RLSA-2022:7821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7821 advisory. - A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...
CVE-2020-27213
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers ISNs for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...
Important: php
Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...
CVE-2023-39979
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values...
MOXA MXsecurity Security Feature Issue Vulnerability
MOXA MXsecurity is a management platform from China-based MOXA. that provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MOXA MXsecurity...
Intel Quartus Prime Pro Security Feature Issue Vulnerability
Intel Quartus Prime Pro is a set of multi-platform design environments from the U.S. company Intel Intel. The product is primarily used for programming programmable logic devices. A security vulnerability exists in Intel Quartus Prime Pro Edition prior to version 22.4, which stems from the presen...
Debian: Security Advisory (DSA-5424-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-5425-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5425-1] php8.2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5425-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2023 https://www.debian.org/security/faq -...
[SECURITY] [DSA 5424-1] php7.4 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5424-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 13, 2023 https://www.debian.org/security/faq -...
Synology DiskStation Manager 安全特征问题漏洞
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology, a Chinese company. This operating system manages information such as data, files, photos, music, and more. A security feature issue vulnerability exists in Synology DiskStation Manager...
PT-2023-21053 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions prior to 7.2-64561 Description: The issue concerns the use of insufficiently random values in the User Management Functionality, allowing remote attackers to obtain user credentials via unspecified...
WordPress Plugin uListing 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin uListing suffers from a...
Important: c-ares
Issue Overview: A flaw was found in the c-ares package. The aressetsortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. CVE-2022-49...