3096 matches found
CVE-2024-25407
CVE-2024-25407 affects SteVe v3.6.0. The issue is that StartTransaction requests use predictable transaction IDs, enabling an attacker to terminate other transactions and cause a DoS. The CVE records consistently describe this vulnerability and note a PoC in one data source; no concrete remediati...
CVE-2024-24828 Local Privilege Escalation in executables bundled by pkg
pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within...
Pkg Local Privilege Escalation
Impact: Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has...
CVE-2023-38579
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...
CVE-2023-38579 Westermo Lynx 206-F2G Cross-Site Request Forgery
The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally...
CVE-2023-4472
Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application...
Objectplanet Opinio Security Vulnerability
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in Objectplanet Opinio 7.22 and earlier versions, which stems from the use of a cryptographically weak pseudo-random number generator (PRNG) with predictable seeding, which could lead to the...
samba: GnuTLS gnutls_rnd() can fail and give predictable random values
A flaw was found in Samba. When the gnutls_rnd() function is called, its return value is not verified, allowing it to give predictable random values when the call to gnutls_rnd() fails...
CVE-2023-47352
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords...
Default credentials
Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords...
CVE-2023-47352
Technicolor TC8715D devices are affected by CVE-2023-47352, which specifies predictable default WPA2 security passwords. The vulnerability arises from default credentials that can be inferred by an attacker who captures SSID/BSSID values, leading to potential compromise of confidentiality, integr...
PT-2024-13443 · Technicolor · Technicolor Tc8715D
Name of the Vulnerable Software and Affected Versions: Technicolor TC8715D (affected versions not specified). Description: The issue concerns Technicolor TC8715D devices, which have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict...
CVE-2024-23726
The CVE-2024-23726 entry concerns Ubee DDW365/XCNDDW365 devices with predictable default WPA2 PSKs that enable nearby attackers to derive the PSK by observing beacon frames. The PSK is generated from the first six characters of the SSID and the last six of the BSSID, decrementing the last digit, ...
CVE-2024-23726
Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and...
SUSE CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...