K16883: TCP sequence number vulnerability CVE-1999-0077

Security Advisory Description Predictable TCP sequence numbers allow spoofing. CVE-1999-0077 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status To determine if your release is known to be vulnerable, the components or features that are affected...

K3126: Large TCP window sizes may make it easier to predict sequence numbers vulnerability CVE-2004-0230

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribing to email notifications regarding F5 products. Note : Versions that are not listed in this article have not been evaluated for vulnerability to this securit...

K52559937: Overview of NGINX vulnerabilities (May 2021)

Security Advisory Description On May 25, 2021, NGINX announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your NGINX systems. The details of each issue can be found in the associated Security Advisory...

Mitsubishi Electric MELSEC iQ-F, iQ-R Series Predictable Seed in Pseudo-Random Number Generator (CVE-2022-40267)

Predictable Seed in Pseudo-Random Number Generator PRNG vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z x=32,64,80, y=T,R, z=ES,DS,ESS,DSS with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z...

Security Bulletin: IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)

Summary Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details CVEID:CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sendi...

SUSE CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

SUSE CVE-1999-0077

Predictable TCP sequence numbers allow spoofing...

SUSE CVE-2002-0389

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives...

SUSE CVE-2004-0996

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack...

SUSE CVE-2005-1270

The 1 checkupdate.sh and 2 rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack...

SUSE CVE-2007-2930

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...

SUSE CVE-2008-5360

Java Runtime Environment JRE for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.218 and earlier; and SDK and JRE 1.3.123 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknow...

SUSE CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

SUSE CVE-2008-5743

pdfjam creates the 1 pdf90, 2 pdfjoin, and 3 pdfnup files with a predictable name, which allows local users to overwrite arbitrary files via a symlink attack...

SUSE CVE-2008-7252

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors...

SUSE CVE-2009-1297

iscsidiscovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise SLE 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name...

SUSE CVE-2009-3238

The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...

SUSE CVE-2011-0755

Integer overflow in the mtrand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mtgetrandmax...

SUSE CVE-2011-2705

The SecureRandom.randombytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an...

SUSE CVE-2011-3871

Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files...