UBUNTU-CVE-2024-4772
An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126...
CVE-2024-4772
CVE-2024-4772 affects Mozilla Firefox earlier than 126. Root cause: HTTP digest authentication nonce generated with rand(), making nonces potentially predictable. Public sources confirm Firefox 126 and newer fix the issue; affected product is Firefox (desktop/mobile variants in MFSA reference). R...
Cross site request forgery (csrf)
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...
CVE-2023-38579
Westermo Lynx 206-F2G devices are affected by CVE-2023-38579, a Cross-Site Request Forgery (CSRF) vulnerability where the CSRF token can be predictable, enabling an attacker to craft malicious requests that a victim may trigger. Public documentation (CISA ICS advisory) confirms the vulnerability ...
Westermo Lynx 206-F2G Cross-Site Request Forgery Vulnerability
The Westermo Lynx 206-F2G is a Layer 3 industrial Ethernet switch from Westermo, Sweden, powered by the Westermo WeOS network operating system. A security vulnerability exists in the Westermo Lynx 206-F2G that stems from its cross-site request forgery token being predictable...
CVE-2023-47352
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords...
Insecure Randomness
Amendment: This was deemed not a vulnerability. Overview: github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted...
Insufficient Entropy
Overview: Affected versions of this package are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bit...
Pool address predictability creates many problems
Lines of code / Vulnerability details / Impact: The Aquifer.boreWell function is responsible for creating a new Well. This is done using the LibClone.cloneDeterministic function. The address of the new Well depends solely on the salt and/or immutableData parameter provided by the user. Once a user creat...
AZL-43702 CVE-2023-31147 affecting package python-pycares 3.1.1-3
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
AZL-26875 CVE-2023-31147 affecting package nodejs18 for versions less than 18.17.1-2
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...
Unleash Spring apps in a flex environment with Azure Spring Apps Consumption and Dedicated plans
In March, we introduced the Consumption pricing plan for Azure Spring Apps allowing you to start from zero and scale to zero vCPU. Today, we are thrilled to announce the public preview of the Standard Dedicated plan! The Standard Dedicated plan provides a fully managed, dedicated environment for...
CVE-2023-1732 Improper random reading in CIRCL
When sampling randomness for a shared secret, the Kyber and FrodoKEM implementations did not check whether crypto/rand.Read returns an error. In rare deployment cases where the Read function returns an error, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
Gaining an Advantage in Roulette
You can beat the game without a computer: On a perfect roulette wheel, the ball would always fall in a random way. But over time, wheels develop flaws, which turn into patterns. A wheel that's even marginally tilted could develop what Barnett called a drop zone. When the tilt forces the ball to...
SUSE CVE-2015-5276
The std::random_device class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...
SUSE CVE-2019-19794
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...
KASAGO IPv6/v4 Dual Security Feature Issue Vulnerability
KASAGO IPv6/v4 Dual is KASAGO's protocol middleware for TCP/IP communication. A security vulnerability exists in KASAGO IPv6/v4 Dual that stems from an insufficiently randomized ISN (Initial Sequence Number). An attacker can exploit this vulnerability to predict the value of the ISN...
CVE-2016-15005 Cryptographically weak random number generation in github.com/dinever/golf
CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...
Golf Cross-Site Request Forgery Vulnerability
Golf is a fast, simple, and lightweight web framework for individual developers by Peixuan Ding. Golf suffers from a cross-site request forgery vulnerability that stems from an insecurely generated CSRF token. An attacker can exploit this vulnerability to predict CSRF tokens...
phpservermon Security Feature Issue Vulnerability
phpservermon is a script that checks to see if your website and server are up and running. A security vulnerability exists in phpservermon that stems from the generatePasswordResetToken function in its src/psm/Service/User.php component using a random number generator that produces predictable...