160 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-18021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only appli...
Linux Distros Unpatched Vulnerability : CVE-2022-1434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacke...
CVE-2025-7773 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities
A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable...
CVE-2025-40923
A random session id generation flaw has been discovered in Plack-Middleware-Session. By default, session ids are generated by a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed if it is...
CVE-2025-43866
vantage6 is an open-source infrastructure for privacy preserving analysis. The JWT secret key in the vantage6 server is auto-generated unless defined by the user. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This vulnerability is...
CVE-2021-38606
reNgine through 0.5 relies on a predictable directory name...
CVE-2021-32744
Collabora Online is a collaborative online office suite. In versions prior to 4.2.17-1 and version 6.4.9-5, unauthenticated attackers are able to gain access to files which are currently opened by other users in the Collabora Online editor. For successful exploitation the attacker is required to...
CVE-2013-4708
The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. SEIL/x86 1.00 through 2.80, SEIL/X1 1.00 through 4.30, SEIL/X2 1.00 through 4.30, SEIL/B1 1.00 through 4.30, SEIL/Turbo 1.80 through 2.15, and SEIL/neu 2FE Plus 1.80 through 2.15 generates predictable random numbers, which allows...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog
A flaw was found in glog, a logging library. This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability...
Linux Distros Unpatched Vulnerability : CVE-2011-2686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbe...
Incorrect Usage Of Seeds
org.apache.cocoon, cocoon-forms-impl is vulnerable to Incorrect Usage of Seeds. The vulnerability is due to predictability in the random number generation process, as the PRNG was seeded with the startup time, allowing attackers to guess continuation identifiers and access unauthorized...
Google gVisor Security Vulnerability
Google gVisor is a user-space kernel written in the Go language for use in Linux systems. A security vulnerability exists in Google gVisor that stems from a weak mechanism for generating TCP/UDP source port equivalents, which makes it susceptible to the Port and Header Value Predictability...
CVE-2024-53702
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret...
Duplicate Advisory: Juju makes Use of Weak Credentials
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mh98-763h-m9v4. This link is maintained to preserve external references. Original Description: JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on...
Nissan Altima Blind Spot Detection Sensor ECU Security Vulnerability
The Nissan Altima Blind Spot Detection Sensor ECU is a blind spot detection sensor from Nissan Japan. A security vulnerability exists in the Nissan Altima Blind Spot Detection Sensor ECU that stems from predictable seed generation in the security access mechanism of the UDS, allowing an attacker ...
CVE-2022-48759
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsgctrldev and cdev struct rpmsgctrldev contains a struct cdev. The current code frees the rpmsgctrldev struct in rpmsgctrldevreleasedevice, but the cdev is a managed object, therefo...
SUSE CVE-2024-4772
An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126...
AI Trust Risk and Security Management: Why Tackle Them Now?
Co-authored by Sabeen Malik and Laura Ellis. In the evolving world of artificial intelligence (AI), keeping our customers secure and maintaining their trust is our top priority. As AI technologies integrate more deeply into our daily operations and services, they bring a set of unique challenges tha...
UBUNTU-CVE-2024-4772
An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126...