3096 matches found
AZL-39220 CVE-2023-45237 affecting package edk2 for versions less than 20230301gitf80f052277c8-40
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
AZL-38425 CVE-2023-45236 affecting package edk2 for versions less than 20240223gitedc6681206c1-1
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
AZL-39388 CVE-2023-45236 affecting package hvloader for versions less than 1.0.1-3
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
UBUNTU-CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45236 Predictable TCP ISNs in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45236 Predictable TCP ISNs in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45236
CVE-2023-45236 affects EDK II’s Network Package, which is vulnerable to a predictable TCP Initial Sequence Number. Public descriptions in connected documents identify the affected component as EDK II’s Network Package and note that exploitation could lead to unauthorized access and potential loss...
EDK2 Security Feature Issue Vulnerability
EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from the Network Package being susceptible to predictable TCP initial sequence numbers...
EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-3049)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
EulerOS Virtualization 2.10.0 : c-ares (EulerOS-SA-2023-2932)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will...
CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file
It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...
CVE-2023-46740 Insecure random string generator used for sensitive data
CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string...
CVE-2022-3010
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite...
CVE-2022-3010
The Priva TopControl Suite contains predictable credentials for the SSH service, based on the Serial number. Which makes it possible for an attacker to calculate the login credentials for the Priva TopControll suite...