miekg/dns insecurely generates random numbers
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...
CVE-2021-29023
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable...
Design/Logic Flaw
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable...
CVE-2020-27020
Password generator feature in Kaspersky Password Manager was not completely cryptographically strong and potentially allowed an attacker to predict generated passwords in some cases. An attacker would need to know some additional information (for example, time of password generation)...
CVE-2021-23892
By exploiting a time-of-check to time-of-use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...
Race condition
By exploiting a time-of-check to time-of-use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrar...
PT-2021-15594 · Mcafee · Endpoint Security For Linux Threat Prevention/Firewall
Name of the Vulnerable Software and Affected Versions: Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW), affected versions not specified. Description: A local user can exploit a time-of-check to time-of-use (TOCTOU) race condition during the installation process to perform a...
getPseudoRand can be predicted
Handle: @cmichelio. Vulnerability details: The NFTXVaultUpgradeable.getPseudoRand is not really random and can be predicted. It's also easy to make sure that one gets the correct token by having a smart contract simulate the randomness logic before the call to redeem / swap...
GHSA-G98M-96G9-WFJQ Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
Insecure path handling in Bundler
Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could pla...
CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...
CVE-2021-3538
A flaw was found in github.com/satori/go.uuid. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker...
randomIndex is not truly random - possibility of predictably minting a specific token Id
Handle: @GalloDaSballo. Vulnerability details. Impact: Detailed description of the impact of this finding. randomIndex: Is not random. Any miner has access to these values: uint index = uint(keccak256(abi.encodePacked(nonce, msg.sender, block.difficulty, block.timestamp))) % totalSize; Non miner attackers...
SUSE: Security Advisory (SUSE-SU-2015:1519-1)
The remote host is missing an update for the...
CVE-2021-28055
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...
Cross site request forgery (csrf)
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user...