16 matches found
EUVD-2022-5084
Malicious code in bioql PyPI...
CBL Mariner 2.0 Security Update: terraform (CVE-2018-9057)
The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-9057 advisory. - aws/resourceawsiamuserloginprofile.go in the HashiCorp Terraform Amazon Web Services AWS provider through...
Use of Insufficiently Random Values in Apereo CAS
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
CVE-2020-11616
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator PRNG algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information...
CVE-2020-11616
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator PRNG algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information...
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
CVE-2018-9057
aws/resourceawsiamuserloginprofile.go in the HashiCorp Terraform Amazon Web Services AWS provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password...
Design/Logic Flaw
aws/resourceawsiamuserloginprofile.go in the HashiCorp Terraform Amazon Web Services AWS provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password...
Horizon HD / WiFi Weak WiFi Passphrase Generation
---------------------------------------------------------------------------- Advisory ID: HCA0005 - http://hackingcorp.ch/advisories/HCA0005.pdf Product: Horizon HD / WiFi Vendor: Liberty Global plc companies Unitymedia GmbH, UPC Cablecom, ... Affected Versions: unknown Tested Versions: current...
CVE-2013-2803
ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack...
CVE-2013-2803
ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG algorithm and seeding strategy for passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack...
Code injection
A certain pseudo-random number generator PRNG algorithm that uses XOR and 2-bit random hops aka "Algorithm X2", as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as I...
Design/Logic Flaw
A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...
CVE-2008-1146
A certain pseudo-random number generator PRNG algorithm that uses XOR and 3-bit random hops aka "Algorithm X3", as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issu...
CVE-2008-1147
A certain pseudo-random number generator PRNG algorithm that uses XOR and 2-bit random hops aka "Algorithm X2", as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as I...
CVE-2008-1148
A certain pseudo-random number generator PRNG algorithm that uses ADD with 0 random hops aka "Algorithm A0", as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as 1 DNS transaction IDs or 2 IP fragmentation IDs by observing a...