160 matches found
CVE-2022-38970
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...
Design/Logic Flaw
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary...
CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values...
GO-2022-0209 Insufficiently random values in golang.org/x/crypto/salsa20
XORKeyStream generates incorrect and insecure output for very large inputs. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream...
golang.org/x/crypto/salsa20/salsa uses insufficiently random values
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the...
Medium: kernel
Issue Overview: A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. CVE-2019-18808 A flaw was found in the Lin...
Belloo Security Feature Issue Vulnerability
Belloo, a "high quality" dating software from Belloo, is vulnerable to an access control error that originates from the use of md5$time to generate password recovery code in requestsuser.php. An attacker could use this vulnerability to predict the time value on the server and could easily guess t...
CVE-2021-38606
reNgine through 0.5 relies on a predictable directory name...
in alovoa/alovoa
Description: Random.setSeed should not be called with a constant integer argument. If a Random object is seeded with a specific value, the values returned by Random.nextInt and similar methods which return or assign values are predictable. Proof of Concept: Vulnerable code of:...
Debian DLA-2527-1 : snapd security update
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix. CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka...
Distinguishing Among DNS Services Part 2: The Economics
This is Part 2 of a 3-part blog series highlighting some of the distinguishing aspects of Akamai's DNS services, Edge DNS and Global Traffic Management. Part 1 focused on Akamai's DNS platform and what sets it apart. In Part 2, we take a closer look at the economics of DNS pricing models and why...
Debian: Security Advisory (DLA-2454-1)
The remote host is missing an update for the Debian...
Debian DLA-2454-1 : rclone security update
golang-go.crypto was recently updated with a fix for CVE-2019-11840. This in turn requires all packages that use the affected code to be recompiled in order to pick up the security fix. CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka...
Unspecified Vulnerability in BASETech GE-131 BT-1837836
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. The BASETech GE-131 BT-1837836 suffers from a device ID predictability vulnerability. An attacker can exploit this vulnerability to connect to the device...
Basetech Ge-131 Bt-1837836 Security Vulnerability
The BASETech GE-131 BT-1837836 is a Wi-Fi IP CCTV camera. The BASETech GE-131 BT-1837836 suffers from a device ID predictability vulnerability. An attacker can exploit this vulnerability to connect to the device...
[SECURITY] [DLA 2442-1] obfs4proxy security update
Debian LTS Advisory DLA-2442-1, https://www.debian.org/lts/security/, Brian May, November 10, 2020, https://wiki.debian.org/LTS ...
Debian DLA-2402-1 : golang-go.crypto security update
CVE-2019-11840 An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle...
cloud-init through 19.4 relies on Mersenne Twister for a random password which makes it easier for attackers to predict passwords because rand_str in cloudinit/util.py calls the random.choice function.
...