45 matches found
bind: Cache poisoning due to weak PRNG
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...
PT-2025-45604
Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...
USN-7836-1: Bind vulnerabilities
Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. CVE-2025-8677 Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that...
CVE-2025-40780
In specific circumstances, due to a weakness in the Pseudo Random Number Generator PRNG that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.1...
EUVD-2022-51202
Malicious code in bioql PyPI...
CVE-2025-20613
Predictable Seed in Pseudo-Random Number Generator PRNG in the firmware for some IntelR TDX may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2025-20613
Predictable Seed in Pseudo-Random Number Generator PRNG in the firmware for some IntelR TDX may allow an authenticated user to potentially enable information disclosure via local access...
SUSE SLES15 / openSUSE 15 Security Update : ovmf (SUSE-SU-2025:0421-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0421-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc12188...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0407-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0407-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 -...
SUSE-SU-2025:0421-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 - CVE-2023-45231:...
SUSE-SU-2025:0407-1 Security update for ovmf
This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 - CVE-2023-45231:...
Fedora: Security Advisory (FEDORA-2024-d940f25a53)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-63f98f8c60)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : aws (2024-63f98f8c60)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-63f98f8c60 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...
Fedora 39 : aws (2024-d940f25a53)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d940f25a53 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...
Oracle Linux 8 : edk2 (ELSA-2024-5297)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5297 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-21854 RHEL-21856 RHEL-40099 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch...
Oracle Linux 9 : edk2 (ELSA-2024-4749)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4749 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-40270 RHEL-40272 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch RHEL-40270...
Important: Red Hat Security Advisory: edk2 security update
An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
RHEL 9 : edk2 (RHSA-2024:4419)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4419 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...