3096 matches found
FreeBSD : QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth (f5fa174d-19de-11ef-83d8-4ccc6adda413)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f5fa174d-19de-11ef-83d8-4ccc6adda413 advisory. Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seed...
Security advisory: OAuth1 in QtNetworkAuth
The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This issue has been assigned the CVE id CVE-2024-36048. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of...
CVE-2023-6324
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6324 ThroughTek Kalay SDK error in handling the PSK identity
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...
CVE-2023-6324
ThroughTek Kalay SDK (used in Owlet Cam, Wyze Cam v3, Roku Indoor Camera SE) has a DTLS PSK handling flaw: it uses a predictable PSK value when an unexpected PSK identity is encountered, potentially exposing protected information. Related sources cite affected Kalay SDK versions (3.x to 4.x) and ...
Unspecified Vulnerability in Mozilla Firefox (CNVD-2024-23333)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability that can be exploited by attackers to obtain predictable values...
CVE-2024-4772
An HTTP digest authentication nonce value was generated using rand which could lead to predictable values. This vulnerability affects Firefox 126...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability that can be exploited by attackers to obtain predictable values...
QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth
Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a PRNG that was seeded with a predictable seed. This means that an attacker that can somehow control the time of the first OAuth1 flow of the process has a high chance of predicting the nonce used in said OAuth flo...
CVE-2024-34490
In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d...
Mageia: Security Advisory (MGASA-2024-0159)
The remote host is missing an update for the...
Fedora 38 : et (2024-bd9e67c117)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd9e67c117 advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...
Fedora 39 : et (2024-94a155818c)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-94a155818c advisory. Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 ---- Unbundle cpp-httplib, fixing CVE-2023-26130 Tenable has extracted the preceding...
Updated guava packages fix security vulnerabilities
A bug could allow an attacker with access to the machine to potentially access data in a temporary directory created by Guava. CVE-2020-8908 Predictable temporary files and directories used in FileBackedOutputStream. CVE-2023-2976...