30 matches found

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-16872

Malware in sbrugna...

CVSS 9 · AI score 8.6 · EPSS 0.00076
Exploits: 0 · References: 3
Snyk
added 2025/08/06 5:11 p.m. · 1 view

Insufficient Entropy

Overview thinbus-srp is a Secure Remote Password SRP SRP6a implementation. Affected versions of this package are vulnerable to Insufficient Entropy in the toHex function. An attacker can reduce the security margin of the protocol and potentially compromise session confidentiality by exploiting th...

CVSS 9.1 · AI score 6.9 · EPSS 0.00226
Exploits: 0 · References: 2
Snyk
added 2025/07/18 4:43 p.m. · 1 view

Predictable Value Range from Previous Values

Overview Affected versions of this package are vulnerable to Predictable Value Range from Previous Values via the boundary value, which uses Math.random. An attacker can manipulate HTTP request boundaries by exploiting predictable values, potentially leading to HTTP parameter pollution. Remediati...

CVSS 9.4 · AI score 7 · EPSS 0.01319
Exploits: 1 · References: 2
Vulnrichment
added 2024/05/15 12:9 p.m. · 10 views

CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity

ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...

CVSS 8.1 · AI score 6.9 · EPSS 0.00449
Exploits: 1 · References: 1
Positive Technologies
added 2023/08/03 12:0 a.m. · 2 views

PT-2023-9782 · Mitsubishi · Got2000 Series +1

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior Mitsubishi Electric Corporation GOT SIMPLE Series GS21 model versions 01.49.000 and prior Description: The issue is related to a Predictable Exact Value fr...

CVSS 9.1 · AI score 9 · EPSS 0.00625
Exploits: 0 · References: 6
Tenable Nessus
added 2023/05/16 12:0 a.m. · 32 views

Ubuntu 18.04 ESM : Synapse vulnerabilities (USN-6076-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6076-1 advisory. It was discovered that Synapse incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input...

CVSS 9.8 · AI score 7.6 · EPSS 0.00773
Exploits: 0 · References: 8
Tenable Nessus
added 2023/03/01 12:0 a.m. · 18 views

Schneider Electric Modicon PLCs Predictable Value Range From Previous Values (CVE-2017-6030)

A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected...

CVSS 6.5 · AI score 6.6 · EPSS 0.00397
Exploits: 0 · References: 3
Tenable Nessus
added 2023/03/01 12:0 a.m. · 22 views

Schneider Electric Modicon PLCs Insufficiently Protected Credentials (CVE-2017-6028)

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...

CVSS 9.8 · AI score 7.3 · EPSS 0.00318
Exploits: 0 · References: 3
ICS
added 2022/12/15 12:0 a.m. · 31 views

Siemens APOGEE/TALON Field Panels

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: APOGEE PXC/TALON TC Vulnerabilities: Predictable Exact Value from Previous Values 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to hijack...

CVSS 6.5 · AI score 6.8 · EPSS 0.00422
Exploits: 0 · References: 8
Code423n4
added 2022/10/25 12:0 a.m. · 16 views

Weak randomness

Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...

AI score 6.8
Exploits: 0
0day.today
added 2022/07/20 12:0 a.m. · 323 views

Spryker Commerce OS Remote Command Execution Vulnerability

Spryker Commerce OS with spryker/http module versions prior to 1.7.0 suffer from a remote command execution vulnerability due to a predictable value in use. Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE referenc...

CVSS 9.8 · AI score 9.2 · EPSS 0.11751
Exploits: 5
Packet Storm
added 2022/07/19 12:0 a.m. · 321 views

Spryker Commerce OS Remote Command Execution

Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2022-28888 Link ==== https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/ Text-only version:...

AI score 0.3 · EPSS 0.11751
Exploits: 5
NVD
added 2022/03/03 7:15 p.m. · 12 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVSS 5.3 · EPSS 0.00256
Exploits: 1 · References: 2
Prion
added 2022/03/03 7:15 p.m. · 13 views

Design/Logic Flaw

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVSS 5 · AI score 5.2 · EPSS 0.00256
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2022/03/03 6:20 p.m. · 62 views

CVE-2022-22700

CyberArk Identity (versions up to 22.1) exposes the response header X-CFY-TX-TM in the StartAuthentication resource. In certain configurations this header contains predictable value ranges that can be used to infer whether a user exists in the tenant. The CVE is CVE-2022-22700; it is a header lea...

CVSS 5.3 · AI score 5.2 · EPSS 0.00256
Exploits: 1 · References: 2 · Affected Software: 1
Tenable Nessus
added 2022/02/07 12:0 a.m. · 20 views

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Predictable Value Range From Previous Values (CVE-2017-7901)

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series...

CVSS 9 · AI score 7.4 · EPSS 0.00076
Exploits: 0 · References: 4
Prion
added 2020/06/18 2:15 p.m. · 12 views

Design/Logic Flaw

Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOSLOCALSECRET value, affecting password resets and invitations...

CVSS 5 · AI score 5.4 · EPSS 0.00298
Exploits: 0 · References: 3 · Affected Software: 1
Tenable Nessus
added 2019/11/08 12:0 a.m. · 25 views

Rockwellautomation 1763-l16awa Use of Insufficiently Random Values

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series...

CVSS 9 · AI score 4.5 · EPSS 0.00076
Exploits: 0 · References: 3
Tenable Nessus
added 2019/05/08 12:0 a.m. · 4 views

Rockwell Automation/Allen-Bradley MicroLogix Controllers <= 16.00 Predictable Value Range

Binary data 720125.prm...

CVSS 9 · AI score 7.3 · EPSS 0.00076
Exploits: 0 · References: 2
Tenable Nessus
added 2019/05/08 12:0 a.m. · 8 views

Schneider Electric Modicon PLCs Predictable Value Range

Binary data 720116.prm...

CVSS 6.5 · AI score 7.3 · EPSS 0.00397
Exploits: 0 · References: 2