Lucene search
K

23 matches found

CNNVD
CNNVD
added 2026/03/05 12:0 a.m.5 views

Net::NSCA::Client 安全漏洞

Net::NSCA::Client is a Perl library developed by DOUGDUDE’s individual developer. Versions of Net::NSCA::Client 0.009002 and earlier contain security vulnerabilities, which stem from the use of insecure random number generators. This could lead to the prediction of session IDs...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References3
IBM AIX
IBM AIX
added 2026/02/18 8:49 a.m.9 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...

8.6CVSS5.7AI score0.1096EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/10/22 4:4 p.m.5 views

CVE-2025-40780

A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...

8.6CVSS6.4AI score0.00454EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/22 3:48 p.m.19 views

CVE-2025-40780 Cache poisoning due to weak PRNG

In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...

8.6CVSS0.00454EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2021-12919

Malware in sbrugna...

7.5CVSS7.6AI score0.00814EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-0082

Malware in sbrugna...

7.5CVSS7.6AI score0.0178EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-21693

Malicious code in bioql PyPI...

7.3CVSS6.3AI score0.00329EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-40432

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00495EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-1773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to...

8.1CVSS5.6AI score0.01503EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.6 views

CVE-2023-36483

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...

6.5CVSS5.5AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 2024/03/16 5:15 a.m.16 views

CVE-2023-36483

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...

6.5CVSS6.3AI score0.00495EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/03/16 5:15 a.m.5 views

CVE-2023-36483

Authorization bypass can be achieved by session ID prediction in MASmobile Classic Android version 1.16.18 and earlier and MASmobile Classic iOS version 1.7.24 and earlier which allows remote attackers to retrieve sensitive data including customer data, security system status, and event history...

6.5CVSS5.8AI score0.00495EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2024/03/16 12:0 a.m.84 views

CVE-2023-36483

CVE-2023-36483 involves an authorization bypass in Carrier MASmobile Classic, exploitable via session ID prediction. Affected products are MASmobile Classic for Android (versions 1.16.18 and earlier) and MASmobile Classic for iOS (versions 1.7.24 and earlier). The root cause is an authorization b...

6.5CVSS5.5AI score0.00495EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2024/03/15 12:0 a.m.5 views

PT-2024-12557 · Unknown · Masmobile Classic Ios +1

Name of the Vulnerable Software and Affected Versions: MASmobile Classic Android versions 1.16.18 and earlier MASmobile Classic iOS versions 1.7.24 and earlier Description: An authorization bypass can be achieved by session ID prediction, allowing remote attackers to retrieve sensitive data...

6.5CVSS7.2AI score0.00495EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/09/26 12:0 a.m.3 views

ieGeek IG20 安全特征问题漏洞

The ieGeek IG20 is a webcam from ieGeek. A security vulnerability exists in the ieGeek IG20 hipcam RealServer version V1.0, which stems from a predictability flaw in the algorithm that generates the device id uid as a result of its faulty access control, allowing a remote attacker to directly...

6.5CVSS6.7AI score0.01008EPSS
Exploits1References2
CVE
CVE
added 2021/08/04 1:20 p.m.80 views

CVE-2021-26098

Concrete details from the connected documents describe CVE-2021-26098 as affecting Fortinet FortiSandbox’s RPC API prior to version 4.0.0. The root cause is a small space of random values used for session handling, which could let an attacker who has only a few pieces of state information about t...

7.5CVSS7.3AI score0.00814EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/03/27 1:15 p.m.18 views

CVE-2020-1773

An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. This issue affects OTRS Community Edition:...

8.1CVSS6.7AI score
Exploits0References5
PyPA
PyPA
added 2019/12/09 9:15 p.m.7 views

PYSEC-2019-154

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

5.9CVSS7AI score0.02833EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2013/12/17 2:0 a.m.28 views

CVE-2013-6925

The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value...

6.6AI score0.01893EPSS
Exploits0References2
securityvulns
securityvulns
added 2013/02/24 12:0 a.m.81 views

Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability

====================================================================== Alt-N MDaemon's WorldClient Predictable Session ID Vulnerability ====================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type:...

0.6AI score
Exploits0
Rows per page
Query Builder