68 matches found
PT-2022-17063 · Cwp · Cwp
Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1126. Description: The password reset token is generated using known or predictable values. Recommendations: For CWP version 0.9.8.1126, consider disabling the password reset feature until a patch is available to prevent...
CVE-2022-28355
randomUUID in Scala.js before 1.10.0 generates predictable values...
in w7corp/easywechat
✍️ Description: Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...
BMC Network Automation 8.7.00.000 Session Hijacking
Intro: The BMC Network Automation allows authenticated users to hijack established remote sessions of other users; version v8.7.00.000 b383 u038 was confirmed to be vulnerable. Details: Authenticated users of the BMC Network Automation web application with assigned "viewer" role are able to hijac...
Cryptographically Weak PRNG in randomatic
Affected versions of randomatic generate random values using a cryptographically weak pseudo-random number generator. This may result in predictable values instead of random values as intended. Recommendation: Update to version 3.0.0 or later...
MGASA-2017-0169 Updated libxslt packages fix security vulnerability
The libxslt library failed to seed its random number generator, resulting in predictable random values (CVE-2015-9019)...
Unspecified vulnerability in libxslt math.random function
libxslt is an XSLT (XML Language for Defining XML Transformations) C library developed for the GNOME project. A security vulnerability exists in libxslt 1.1.29 and earlier versions due to the program failing to initialize the EXSLT math.random function with a random seed. An attacker could use this...
Mageia: Security Advisory (MGASA-2015-0449)
The remote host is missing an update for the...
MGASA-2015-0449 Updated gcc packages fix security vulnerability
It was discovered that the std::random_device class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random (CVE-2015-5276)...
Updated gcc packages fix security vulnerability
It was discovered that the std::random_device class in libstdc++ would not properly detect short reads and could return predictable values if applications used it to obtain randomness from a blocking source such as /dev/random (CVE-2015-5276)...
Design/Logic Flaw
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveragi...
Design/Logic Flaw
The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a...
CVE-2012-3024
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...
Authentication flaw
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...
Ruby Random Number Values Information Disclosure Vulnerability (Jul 2011)
Ruby is prone to an information disclosure vulnerability.