75 matches found
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237
EDK2 Network Package is vulnerable to a predictable TCP Initial Sequence Number (CVE-2023-45237) which could lead to unauthorized access and confidentiality loss. Several connected advisories note a patched version is available; remediation is to update edk2 to a fixed release per vendor/ distro ...
CVE-2023-45236 Predictable TCP ISNs in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45236
CVE-2023-45236 affects EDK II’s Network Package, which is vulnerable to a predictable TCP Initial Sequence Number. Public descriptions in connected documents identify the affected component as EDK II’s Network Package and note that exploitation could lead to unauthorized access and potential loss...
PT-2024-1256
Name of the Vulnerable Software and Affected Versions EDK2 affected versions not specified Description The EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number, which can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of...
The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products allows attackers to intercept existing sessions.
The vulnerability of the ISN Handler TCP connection processing component in Siemens’ software and hardware products is related to the predictability of random session numbers. Exploiting this vulnerability allows a malicious actor to intercept existing sessions remotely...
KASAGO IPv6/v4 Dual 安全特征问题漏洞
KASAGO IPv6/v4 Dual is KASAGO's protocol middleware for TCP/IP communication. A security vulnerability exists in KASAGO IPv6/v4 Dual that stems from an insufficiently randomized ISN Initial Sequence Number. An attacker can exploit this vulnerability to predict the value of the ISN...
CVE-2022-43501
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNsInitial Sequence Number for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones...
CVE-2021-45488
In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...
CVE-2021-45488
In NetBSD through 9.2, there is an information leak in the TCP ISN ISS generation algorithm...
NetBSD 安全特征问题漏洞
NetBSD is an open source Unix-like operating system from the NetBSD Foundation. NetBSD suffers from a security signature issue vulnerability that stems from an information leak in the TCP ISN ISS generation algorithm in NetBSD through 9.2...
Siemens SIMATIC 安全特征问题漏洞
The LOGO! CMR family is a communication system for monitoring and controlling distributed devices and systems via text messages or e-mail.Siemens SIMATIC RTU3000C is a compact RTU from Siemens, Germany is a low-power remote terminal unit RTU for energy self-sufficiency. A vulnerability in the...
The vulnerability of the implementations of the ISN generators for TCP/IP NicheLite and InterNiche allows attackers to perform spoofing attacks.
The vulnerability of the ISN generator implementations for TCP/IP NicheLite and InterNiche is related to the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...
The vulnerability in the implementation of the ISN generator of the protocol stack used in Contiki OS and uIP allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ISN generator implementation used in the Contiki OS and uIP is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the implementation of the ISN generator for the PicoTCP protocol stack allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ISN generator implementation in the PicoTCP protocol stack is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
PT-2021-2229 · Siemens · Simatic Mv400
Name of the Vulnerable Software and Affected Versions: SIMATIC MV400 family versions prior to v7.0.6 Description: The issue is related to the implementation of the ISN generator in the TI-NDKTCPIP protocol stack, which uses insufficiently random values. This could allow a remote attacker to predi...
The vulnerability of the ISN IP pool generator implementation used in NutOS and Nut/Net arises from the use of insufficiently random values, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the ISN IP pool generator implemented in NutOS and Nut/Net relates to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the implementation of the ISN generator in the protocols used by uC/OS and uC/TCP-IP allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ISN generator implementation in the uC/OS and uC/TCP-IP protocols is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
Code injection
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
CVE-2019-2317
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...