34 matches found
bind: Cache poisoning due to weak PRNG
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator PRNG. This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS...
PT-2025-45604
Name of the Vulnerable Software and Affected Versions Jumo variTRON300 affected versions not specified Description A flaw exists in the password generation algorithm when accessing the debug interface. An unauthenticated local attacker who knows the password generation timeframe may be able to...
USN-7836-1: Bind vulnerabilities
Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain malformed DNSKEY records. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service. CVE-2025-8677 Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that...
EUVD-2022-51202
Malicious code in bioql PyPI...
CVE-2025-20613
Predictable Seed in Pseudo-Random Number Generator PRNG in the firmware for some IntelR TDX may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2025-20613
Predictable Seed in Pseudo-Random Number Generator PRNG in the firmware for some IntelR TDX may allow an authenticated user to potentially enable information disclosure via local access...
The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. This vulnerability allows a attacker to execute a “man-in-the-middle” type attack.
The vulnerability of the SSH client ssh-agent on Jenkins automation servers is related to errors in the code of the pseudorandom number generator used for generating host keys. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...
SUSE SLES15 / openSUSE 15 Security Update : ovmf (SUSE-SU-2025:0421-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0421-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc12188...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0407-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0407-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 -...
Fedora: Security Advisory (FEDORA-2024-63f98f8c60)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-d940f25a53)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 39 : aws (2024-d940f25a53)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d940f25a53 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...
Fedora 40 : aws (2024-63f98f8c60)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-63f98f8c60 advisory. CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator. AWS.Utils.Random and AWS.Utils.RandomString used...
Oracle Linux 8 : edk2 (ELSA-2024-5297)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5297 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-21854 RHEL-21856 RHEL-40099 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch...
Oracle Linux 9 : edk2 (ELSA-2024-4749)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4749 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-40270 RHEL-40272 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch RHEL-40270...
Important: Red Hat Security Advisory: edk2 security update
An update for edk2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
RHEL 9 : edk2 (RHSA-2024:4419)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4419 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2022-48506
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct ICP and ICP2 and ImageCast Evolution ICE scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of...
CVE-2023-20107
Cisco CVE-2023-20107 affects Cisco ASA (5506-X, 5508-X, 5516-X) ASA Software and Cisco FTD Software due to insufficient entropy in the deterministic random bit generator (DRBG/PRNG) used for cryptographic key generation. The root cause is low entropy in DRBG on affected hardware, enabling an unau...