Lucene search
K

192 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:13 p.m.12 views

CVE-2021-36171

The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame...

8.1CVSS7.2AI score0.01136EPSS
Exploits0References1
OSV
OSV
added 2025/04/26 9:31 p.m.2 views

GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS6.7AI score0.00357EPSS
Exploits1References8
OSV
OSV
added 2025/04/16 2:2 p.m.5 views

OPENSUSE-SU-2025:0123-1 Security update for perl-Data-Entropy

This update for perl-Data-Entropy fixes the following issues: Updated to 0.8.0 0.008: see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand function...

7.7CVSS6.9AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2025/03/28 1:15 a.m.3 views

DEBIAN-CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions...

7.7CVSS5.6AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2025/01/06 7:23 p.m.15 views

GHSA-237R-R8M4-4Q88 Guzzle OAuth Subscriber has insufficient nonce entropy

Impact Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.phpL192. This can leave servers vulnerable to replay attacks when TLS is not used. Patches Upgrade to version 0.8.1 or higher...

6.3CVSS4.9AI score0.00443EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/03 12:0 a.m.4 views

PT-2025-4478 · Unknown +1 · Net::Oauth +1

Name of the Vulnerable Software and Affected Versions: Net::OAuth versions prior to 0.29 Description: The default nonce in Net::OAuth::Client is a 32-bit integer generated from the built-in rand function, which is not cryptographically strong. This weakness can be exploited due to the use of a...

5.3CVSS6.8AI score0.00585EPSS
Exploits0References26
OSV
OSV
added 2024/12/02 5:16 p.m.24 views

GHSA-6943-QR24-82VX sftpgo vulnerable to brute force takeover of OpenID Connect session cookies

Impact The OpenID Connect implementation, in the affected SFTPGo versions, allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically...

5.3CVSS6.2AI score0.00389EPSS
Exploits0References5
NVD
NVD
added 2024/11/29 7:15 p.m.16 views

CVE-2024-52801

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

5.3CVSS0.00389EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/29 6:26 p.m.20 views

CVE-2024-52801 Brute force takeover of OpenID Connect session cookies in sftpgo

sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are...

5.3CVSS0.00389EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/11/15 12:0 a.m.9 views

Fedora 41 : aws (2024-7908ee39a9)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-7908ee39a9 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...

7.5CVSS5.6AI score0.00426EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/10/07 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2024-63f98f8c60)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00426EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/10/07 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2024-d940f25a53)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.00426EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/10/06 12:0 a.m.15 views

Fedora 40 : aws (2024-63f98f8c60)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-63f98f8c60 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...

7.5CVSS5.6AI score0.00426EPSS
Exploits0References2
OSV
OSV
added 2024/08/15 6:40 p.m.18 views

CVE-2024-42475 OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

6.5CVSS6.9AI score0.00236EPSS
Exploits0References4
OSV
OSV
added 2024/06/24 12:30 p.m.13 views

GHSA-CF3Q-VG8W-MW84 Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

9.1CVSS9.2AI score0.05995EPSS
Exploits1References5
NVD
NVD
added 2024/06/24 10:15 a.m.27 views

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

9.1CVSS0.05995EPSS
Exploits1References2
OSV
OSV
added 2024/06/24 10:15 a.m.5 views

CVE-2024-29868

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

9.1CVSS9.2AI score
Exploits0References2
Cvelist
Cvelist
added 2024/06/24 9:59 a.m.56 views

CVE-2024-29868 Apache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation

Use of Cryptographically Weak Pseudo-Random Number Generator PRNG vulnerability in Apache StreamPipes user self-registration and password recovery mechanism. This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account. This issue...

0.05995EPSS
Exploits1References1
NVD
NVD
added 2024/06/24 7:15 a.m.24 views

CVE-2024-24553

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function...

7.5CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2024/06/24 7:10 a.m.62 views

CVE-2024-24553

CVE-2024-24553 relates to Bludit, where password hashes are computed with SHA-1 and the salt is generated by a non-cryptographically secure function. Attackers could brute-force SHA-1 to recover plaintext passwords, per the description in multiple sources. The connected documents consistently des...

7.5CVSS6.7AI score0.00217EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder