23 matches found
Net::NSCA::Client 安全漏洞
Net::NSCA::Client is a Perl library developed by DOUGDUDE’s individual developer. Versions of Net::NSCA::Client 0.009002 and earlier contain security vulnerabilities, which stem from the use of insecure random number generators. This could lead to the prediction of session IDs...
Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)
IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...
CVE-2025-40780
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...
CVE-2025-40780 Cache poisoning due to weak PRNG
In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...
EUVD-2021-12919
Malware in sbrugna...
EUVD-2019-0082
Malware in sbrugna...
EUVD-2025-21693
Malicious code in bioql PyPI...
EUVD-2023-40432
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-1773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to...
CVE-2023-36483
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...
CVE-2023-36483
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...
CVE-2023-36483
Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...
CVE-2023-36483
CVE-2023-36483 involves an authorization bypass in Carrier MASmobile Classic, exploitable via session ID prediction. Affected products are MASmobile Classic for Android (versions 1.16.18 and earlier) and MASmobile Classic for iOS (versions 1.7.24 and earlier). The root cause is an authorization b...
PT-2024-12557 · Unknown · Masmobile Classic Ios +1
Name of the Vulnerable Software and Affected Versions: MASmobile Classic Android versions 1.16.18 and earlier MASmobile Classic iOS versions 1.7.24 and earlier Description: An authorization bypass can be achieved by session ID prediction, allowing remote attackers to retrieve sensitive data...
ieGeek IG20 安全特征问题漏洞
The ieGeek IG20 is a webcam from ieGeek. A security vulnerability exists in the ieGeek IG20 hipcam RealServer version V1.0, which stems from a predictability flaw in the algorithm that generates the device id uid as a result of its faulty access control, allowing a remote attacker to directly...
CVE-2021-26098
Concrete details from the connected documents describe CVE-2021-26098 as affecting Fortinet FortiSandbox’s RPC API prior to version 4.0.0. The root cause is a small space of random values used for session handling, which could let an attacker who has only a few pieces of state information about t...
CVE-2020-1773
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...
PYSEC-2019-154
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...
CVE-2013-6925
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value...
Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability
====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...