CVE-2024-53702

CVE-2024-53702 describes a cryptographically weak PRNG issue in the SonicWall SMA100 SSLVPN backup code generator, allowing an attacker to potentially predict the generated secret. Affected product: SonicWall SMA100 SSLVPN (backup code generator). Root cause: use of a weak PRNG. Impact: potential...

MindsDB 安全漏洞

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB version 23.10.2.0 and earlier, which stems from the presence of deserialization of untrusted data, allowing maliciously uploaded models to run arbitrary code on the server when...

hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions

A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation eIBRS capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer RSB...

CVE-2021-41120

sylius/paypal-plugin is a paypal plugin for the Sylius development platform. In affected versions the URL to the payment page done after checkout was created with autoincremented payment id /pay-with-paypal/id and therefore it was easy to predict. The problem is that the Credit card form has...

CVE-2021-26098

Concrete details from the connected documents describe CVE-2021-26098 as affecting Fortinet FortiSandbox’s RPC API prior to version 4.0.0. The root cause is a small space of random values used for session handling, which could let an attacker who has only a few pieces of state information about t...

Wind River ‘Security Incident’ Affects SSNs, Passport Numbers

Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the...

CVE-2019-11842

Affected products: Matrix Sydent < 1.0.3 and Matrix Synapse

openSUSE Security Update : libgcrypt (openSUSE-2016-1138)

This update for libgcrypt fixes the following issues : - RNG prediction vulnerability bsc994157, CVE-2016-6313 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

SUSE-SU-2016:2345-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - RNG prediction vulnerability bsc994157, CVE-2016-6313...

openSUSE Security Update : libgcrypt (openSUSE-2016-1042)

This update for libgcrypt fixes the following issues : - RNG prediction vulnerability boo994157, CVE-2016-6313 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2016-1042. The text...