SUSE CVE-2024-33904

In plugins/HookSystem.cpp in Hyprland through 0.39.1 before 28c8561, through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file...

PT-2024-25703 · Ipmi · Ipmi

Name of the Vulnerable Software and Affected Versions: IPMI affected versions not specified Description: The issue concerns implementations of IPMI Authenticated sessions that do not provide enough randomness, making them susceptible to session hijacking. An attacker can exploit this by using...

CVE-2024-33904

In plugins/HookSystem.cpp in Hyprland through 0.39.1 before 28c8561, through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file...

CVE-2024-33904

In plugins/HookSystem.cpp in Hyprland through 0.39.1 before 28c8561, through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file...

CVE-2024-33904

In plugins/HookSystem.cpp in Hyprland through 0.39.1 before 28c8561, through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file...

Hyprland 安全漏洞

Hyprland is a wlroots-based dynamic tiling Wayland composition application open-sourced by Hypr Development. A security vulnerability exists in Hyprland version 0.39.1 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary assembly code by writing predictable...

PT-2024-25539

Name of the Vulnerable Software and Affected Versions Hyprland versions through 0.39.1 Description A local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file through a race condition in plugins/HookSystem.cpp. This issue allows for the execution of...

CVE-2024-22144 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96...

CVE-2024-22144 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.21.96 - Unauthenticated Predictable Nonce Brute-Force Leading to RCE vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Eli Scheetz Anti-Malware Security and Brute-Force Firewall gotmls allows Code Injection.This issue affects Anti-Malware Security and Brute-Force Firewall: from n/a through 4.21.96...

Weak Pseudo-Random Number Generator

chilkat is vulnerable to the Use Of Cryptographically Weak Pseudo-Random Number Generator PRNG. The vulnerability is due to the predictable nature of the Pseudo-Random Number Generator PRNG utilized in the ChilkatRand::randomBytes function, allowing attackers to obtain sensitive information...

CVE-2024-28957

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device...

CVE-2024-28957

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device...

CVE-2024-28957

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device...

CVE-2024-28957

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device...

CVE-2024-28957

The CVE-2024-28957 vulnerability affects Cente middleware TCP/IP Network Series devices. It is a predictable-IDs issue (CWE-340) where an attacker, remotely and without authentication, could disrupt or interfere communications by guessing packet header IDs. The Red Hat advisory and NVD records de...

PT-2024-22643 · Unknown · Cente Middleware Tcp/Ip Network Series

Name of the Vulnerable Software and Affected Versions: Cente middleware TCP/IP Network Series affected versions not specified Description: A generation of predictable identifiers issue exists in the Cente middleware TCP/IP Network Series. If this issue is exploited, a remote unauthenticated...

CVE-2024-31985 XWiki Platform CSRF in the job scheduler

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in...

CVE-2024-31985 XWiki Platform CSRF in the job scheduler

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in...

XWiki Platform CSRF in the job scheduler

Impact It is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. To reproduce in an XWiki installation, open...

CVE-2024-2730

Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available...