Lucene search

3096 matches found

ATTACKERKB
added 2022/04/04 12:0 a.m., 1 view

CVE-2022-26851

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data loss...

CVSS 9.1, AI score 7.2, EPSS 0.00868
Exploits: 0, References: 2

ATTACKERKB
added 2022/04/04 12:0 a.m., 2 views

CVE-2022-26852

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise...

CVSS 9.8, AI score 7.2, EPSS 0.01154
Exploits: 0, References: 2

OSV
added 2022/04/02 9:15 p.m., 8 views

CVE-2022-28355

randomUUID in Scala.js before 1.10.0 generates predictable values...

CVSS 7.5, AI score 6.9
Exploits: 0, References: 4

ATTACKERKB
added 2022/04/02 9:15 p.m., 2 views

CVE-2022-28355

randomUUID in Scala.js before 1.10.0 generates predictable values...

CVSS 7.5, AI score 5.9, EPSS 0.01375
Exploits: 0, References: 5

NVD
added 2022/04/02 9:15 p.m., 13 views

CVE-2022-28355

randomUUID in Scala.js before 1.10.0 generates predictable values...

CVSS 7.5, EPSS 0.01375
Exploits: 0, References: 4

Cvelist
added 2022/04/02 8:22 p.m., 18 views

CVE-2022-28355

randomUUID in Scala.js before 1.10.0 generates predictable values...

AI score 7.7, EPSS 0.01375
Exploits: 0, References: 4

OSV
added 2022/03/30 11:15 p.m., 2 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 3

NVD
added 2022/03/30 11:15 p.m., 13 views

CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

CVSS 8.8, EPSS 0.01584
Exploits: 1, References: 3

Prion
added 2022/03/30 11:15 p.m., 24 views

Design/Logic Flaw

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSIONID is predictable. An attacker can hijack a valid session and conduct further malicious operations...

CVSS 6.5, AI score 8.7, EPSS 0.01584
Exploits: 1, References: 3, Affected Software: 1

Huntr
added 2022/03/29 8:12 p.m., 10 views

Use of cryptographically weak random number generator for password generation

Description: Umbraco has a GeneratePassword function that is used to generate passwords that should be unpredictable; this function uses the .NET Random class, which isn't cryptographically secure. Impact: This vulnerability is capable of allowing attackers to predict generated passwords and use the...

AI score 3.1
Exploits: 0, References: 1

ATTACKERKB
added 2022/03/10 5:47 p.m., 2 views

CVE-2022-25219

A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP...

CVSS 9.3, AI score 7.2, EPSS 0.00978
Exploits: 2, References: 2

Code423n4
added 2022/03/09 12:0 a.m., 8 views

Unbonding validator random selection can be predicted

Lines of code. Vulnerability details. Impact: When unbonding, the pickvalidator function is supposed to choose a random validator to unstake from. However, this randomness can be predicted knowing the block height, which is very easy to predict. let mut iterationindex = 0; while claimed.u128 0 let mu...

AI score 6.8
Exploits: 0

OSV
added 2022/03/08 12:15 p.m., 2 views

CVE-2022-26317

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.29. When returning the result of a completed Microflow execution call the affected framework does not correctly verify, if the request was initially made by the user requesting the result. Together with...

CVSS 6.5, AI score 6.7
Exploits: 0, References: 1

CVE
added 2022/03/07 9:56 p.m., 105 views

CVE-2022-25219

CVE-2022-25219/25218 describe a flaw in the telnetd_startup routine where the use of RSA without padding (or OAEP) enables an unauthenticated attacker on the local network to influence the decrypted plaintext via crafted UDP packets, potentially gaining a root shell. The 25219 issue centers on a ...

CVSS 8.4, AI score 7.9, EPSS 0.00758
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2022/03/03 7:15 p.m., 24 views

CVE-2022-22700

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVSS 5.3, EPSS 0.01098
Exploits: 1, References: 2

Prion
added 2022/03/03 7:15 p.m., 15 views

Design/Logic Flaw

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant...

CVSS 5, AI score 5.2, EPSS 0.01098
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2022/03/03 6:20 p.m., 67 views

CVE-2022-22700

CyberArk Identity (versions up to 22.1) exposes the response header X-CFY-TX-TM in the StartAuthentication resource. In certain configurations this header contains predictable value ranges that can be used to infer whether a user exists in the tenant. The CVE is CVE-2022-22700; it is a header lea...

CVSS 5.3, AI score 5.2, EPSS 0.01098
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2022/03/02 12:0 a.m., 14 views

Fortinet FortiPortal Security Feature Issue Vulnerability

Fortinet FortiPortal is an advanced, feature-rich managed security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for use by MSPs. versions, a security feature issue vulnerability exists that stems from the use o...

CVSS 8.1, AI score 1, EPSS 0.01109
Exploits: 0, References: 1

Tenable Nessus
added 2022/02/07 12:0 a.m., 20 views

Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400 Predictable Value Range From Previous Values (CVE-2017-7901)

A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series...

CVSS 9, AI score 7.4, EPSS 0.0662
Exploits: 0, References: 4

OSV
added 2022/01/28 8:15 p.m., 12 views

CVE-2016-3735

Piwigo is image gallery software written in PHP. When a criterion is not met on a host, Piwigo defaults to using mt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This allows an unauthenticated attacker to take over an...

CVSS 8.1, AI score 7
Exploits: 0, References: 3