CVE-2024-52616

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...

PT-2024-35401 · Unknown +4 · Avahi-Daemon +4

Name of the Vulnerable Software and Affected Versions: Avahi-daemon affected versions not specified Description: A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior...

Salt preflight script could be attacker controlled

The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script wi...

Salt 安全漏洞

Salt is an automation, infrastructure management, data-driven orchestration, and remote execution application from the Salt project. Salt has a security vulnerability that stems from the Salt-SSH preflight option copying scripts to predictable paths to the target, which allows an attacker to forc...

Mars: unauthorized access and add user and change personal information all users

The report describes a vulnerability in the ██████████ website, where unauthorized access to an API endpoint allowed attackers to add new users and modify personal information of existing users. The vulnerability was classified as Improper Access Control. The issue stemmed from the absence of...

SUSE CVE-2024-7558

JUJUCONTEXTID is a predictable authentication secret. On a Juju machine non-Kubernetes or Juju charm container on Kubernetes, an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJUCONTEXTID value. This gives the unprivileged user access to t...

Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a released version of the github.com/go-mysql-org/go-mysql package. For more information, see https://github.com/github/advisory-database/pull/4990. Original Advisory Affected by CVE-2021-3538...

GHSA-RC7V-65V6-M2V3 Withdrawn Advisory: go-mysql affected by go.uuid's Predictable UUID Identifiers

Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a released version of the github.com/go-mysql-org/go-mysql package. For more information, see https://github.com/github/advisory-database/pull/4990. Original Advisory Affected by CVE-2021-3538...

OESA-2024-2301 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access...

CVE-2024-40431

A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTLSCSIPASSTHROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user...

Oracle Linux 8 : edk2 (ELSA-2024-28600)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-28600 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain...

CVE-2024-10141 jsbroks COCO Annotator Session predictable state

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVE-2024-10141 jsbroks COCO Annotator Session predictable state

A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRETKEY leads to predictable from observable state. It is possible to initiate the attack remotely. T...

CVE-2024-47187

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

UBUNTU-CVE-2024-47188

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker...

CVE-2024-47188

Suricata (IDS/IPS/NSM engine) is affected by CVE-2024-47188 and related 7.x/8.x issues. PTSecurity entries describe heap overflow in logging verdict information (eve.alert/eve.drop) for Suricata versions prior to 7.0.13 and prior to 8.0.2, potentially crashing the process. A workaround mentioned ...

CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...

CVE-2024-47945

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...