3096 matches found

Tenable Nessus
added 2024/08/14 12:0 a.m. | 29 views

RHEL 8 : edk2 (RHSA-2024:5297)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5297 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

7.5 CVSS | 7.7 AI score | 0.00994 EPSS
Exploits: 0 | References: 9
Tenable Nessus
added 2024/08/13 12:0 a.m. | 24 views

Oracle Linux 8 : edk2 (ELSA-2024-5297)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5297 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-21854 RHEL-21856 RHEL-40099 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch...

7.5 CVSS | 7.7 AI score | 0.00994 EPSS
Exploits: 0 | References: 4
CNNVD
added 2024/08/12 12:0 a.m. | 4 views

FIWARE Keyrock security vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

6.3 CVSS | 6.8 AI score | 0.00359 EPSS
Exploits: 1 | References: 2
Veracode
added 2024/08/06 11:22 a.m. | 14 views

Ciphertext Leakage

Netbird is vulnerable to Ciphertext Leakage. The vulnerability is due to the use of a static initialization vector (IV) in the Encrypt function within the crypt.go file, which does not change for different encryption operations and allows attackers to expose the sensitive information through...

7.5 CVSS | 6.1 AI score | 0.00467 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
SUSE CVE
added 2024/08/06 4:50 a.m. | 1 views

SUSE CVE-1999-0024

DNS cache poisoning via BIND, by predictable query IDs...

5 CVSS | 7 AI score | 0.04935 EPSS
Exploits: 0 | References: 2
NVD
added 2024/08/03 6:16 a.m. | 25 views

CVE-2024-6477

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

7.5 CVSS | 0.00575 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2024/08/03 6:0 a.m. | 12 views

CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

6 AI score | 0.00575 EPSS
Exploits: 1 | References: 1
Cvelist
added 2024/08/03 6:0 a.m. | 29 views

CVE-2024-6477 UsersWP < 1.2.12 - Users Information Disclosure

The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address...

0.00575 EPSS
Exploits: 1 | References: 1
CVE
added 2024/08/03 6:0 a.m. | 49 views

CVE-2024-6477

CVE-2024-6477 affects the UsersWP WordPress plugin prior to 1.2.12. The vulnerability arises from predictable filenames generated for admin exports, allowing unauthenticated attackers to download exports and access sensitive user data (IP, username, email). Public sources in connected documents c...

7.5 CVSS | 6 AI score | 0.00575 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2024/08/03 12:0 a.m. | 2 views

WordPress plugin UsersWP security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS | 6.6 AI score | 0.00575 EPSS
Exploits: 1 | References: 3
Tenable Nessus
added 2024/07/24 12:0 a.m. | 34 views

Oracle Linux 9 : edk2 (ELSA-2024-4749)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4749 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-40270 RHEL-40272 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch RHEL-40270...

7.8 CVSS | 7.7 AI score | 0.00994 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2024/07/23 4:35 p.m. | 6 views

edk2: Predictable TCP Initial Sequence Numbers

A security flaw has been identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker to potentially disclose sensitive information...

7.5 CVSS | 7.2 AI score | 0.00994 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2024/07/22 12:0 a.m. | 16 views

Siemens SIMATIC S7-200 SMART Devices Use of Insufficiently Random Values (CVE-2024-35292)

Affected devices are using a predictable IP ID sequence number. This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial-of-service condition. This...

8.8 CVSS | 7.3 AI score | 0.00387 EPSS
Exploits: 0 | References: 3
Cvelist
added 2024/07/09 10:58 a.m. | 14 views

CVE-2024-5634

Longse model LBH30FE200W cameras, as well as products based on this device, make use of telnet passwords which follow a specific pattern. Once the pattern is known, brute-forcing the password becomes relatively easy. Additionally, every camera with the same firmware version shares the same...

8.6 CVSS | 0.002 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2024/07/09 10:2 a.m. | 21 views

Important: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

8.8 CVSS | 7.1 AI score | 0.01223 EPSS
Exploits: 1 | References: 6
Tenable Nessus
added 2024/07/09 12:0 a.m. | 89 views

RHEL 9 : edk2 (RHSA-2024:4419)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4419 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

8.8 CVSS | 7.8 AI score | 0.01223 EPSS
Exploits: 1 | References: 12
Tenable Nessus
added 2024/07/03 12:0 a.m. | 29 views

CBL Mariner 2.0 Security Update: edk2 / hvloader (CVE-2023-45237)

The version of edk2 / hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45237 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This...

7.5 CVSS | 7.6 AI score | 0.00994 EPSS
Exploits: 0 | References: 2
OSV
added 2024/06/24 8:15 a.m. | 3 views

CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

8.2 CVSS | 6.7 AI score
Exploits: 0 | References: 1
NVD
added 2024/06/24 8:15 a.m. | 21 views

CVE-2024-24554

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

8.2 CVSS | 0.00242 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/24 7:11 a.m. | 18 views

CVE-2024-24554 Bludit - Insecure Token Generation

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API...

6 CVSS | 6.7 AI score | 0.00242 EPSS
Exploits: 0 | References: 1