351 matches found
MAL-2024-11739 Malicious code in user-rand-agnt-user (PyPI)
Source: kam193 e5b1f023c010c55afb11b349054c1180303197e0d411176b276d26574d891702. Inside the library there is a part that runs code hidden in the attached image, which then exfiltrates user-provided data, downloads and installs next-stage code, ...
Medium: c-ares
Issue Overview: Insufficient randomness in generation of DNS query IDs. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand() to generate the random numbers used for DNS query IDs. This is not a CSPRNG, and it is also never seeded by srand(), so it produces predictable output. Input from th...
Updated tgt packages fix security vulnerability
tgt, aka the Linux target framework, before 1.0.93 attempts to obtain entropy by calling rand() without srand(). The PRNG seed is therefore always 1, so the sequence of challenges is always identical. CVE-2024-45751...
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
...
DEBIAN-CVE-2024-45751
tgt, aka the Linux target framework, before 1.0.93 attempts to obtain entropy by calling rand() without srand(). The PRNG seed is therefore always 1, so the sequence of challenges is always identical...
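The c-ares and tgt entries above describe the same bug class: "random" values drawn from libc rand() in a process that never calls srand(), which POSIX defines to behave exactly like srand(1). The following is an added example, not code from tgt, c-ares or any advisory source, that models that pattern next to a fail-closed replacement. The function names (weak_challenge, predict_weak_challenge, secure_challenge and friends) and the 16-byte challenge size are assumptions for illustration; the hardened path reads /dev/urandom, so it assumes a Unix-like host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHALLENGE_LEN 16   /* assumed challenge size for the example */

/* The weak pattern from the tgt and c-ares entries: draw "random" bytes from
 * libc rand() without ever calling srand(). POSIX defines the unseeded state
 * to be the same as srand(1), so every fresh process emits the same stream. */
static void weak_challenge(uint8_t out[CHALLENGE_LEN])
{
    for (size_t i = 0; i < CHALLENGE_LEN; i++)
        out[i] = (uint8_t)(rand() & 0xff);
}

/* Models a freshly started daemon that never seeded the PRNG. srand(1) only
 * makes the default state explicit so this can be called repeatedly here. */
void weak_challenge_fresh_process(uint8_t out[CHALLENGE_LEN])
{
    srand(1);
    weak_challenge(out);
}

/* What an attacker who has read the code does: replay the known default seed
 * and skip ahead `nth` challenges to predict the nth one the daemon issues. */
void predict_weak_challenge(uint8_t out[CHALLENGE_LEN], unsigned nth)
{
    srand(1);
    for (unsigned i = 0; i < nth; i++) {
        uint8_t discard[CHALLENGE_LEN];
        weak_challenge(discard);
    }
    weak_challenge(out);
}

/* Returns 1 if two separately started daemons hand out the same challenge. */
int weak_repeats_across_restarts(void)
{
    uint8_t a[CHALLENGE_LEN], b[CHALLENGE_LEN];
    weak_challenge_fresh_process(a);
    weak_challenge_fresh_process(b);
    return memcmp(a, b, CHALLENGE_LEN) == 0;
}

/* Returns 1 if the attacker correctly predicts both the first and the third
 * challenge issued by a fresh daemon. */
int weak_is_predictable(void)
{
    uint8_t issued[3][CHALLENGE_LEN], guess0[CHALLENGE_LEN], guess2[CHALLENGE_LEN];
    weak_challenge_fresh_process(issued[0]);
    weak_challenge(issued[1]);
    weak_challenge(issued[2]);
    predict_weak_challenge(guess0, 0);
    predict_weak_challenge(guess2, 2);
    return memcmp(issued[0], guess0, CHALLENGE_LEN) == 0 &&
           memcmp(issued[2], guess2, CHALLENGE_LEN) == 0;
}

/* Hardened version: take bytes from the kernel CSPRNG and fail closed.
 * Returns 0 on success, -1 if /dev/urandom cannot be read. It never falls
 * back to rand(), which is precisely the fallback the c-ares entry describes. */
int secure_challenge(uint8_t out[CHALLENGE_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(out, 1, CHALLENGE_LEN, f);
    fclose(f);
    return n == CHALLENGE_LEN ? 0 : -1;
}

/* Returns 1 if two consecutive secure challenges differ (collision probability
 * 2^-128) and the first is not all zero. */
int secure_is_unpredictable(void)
{
    uint8_t a[CHALLENGE_LEN], b[CHALLENGE_LEN], zero[CHALLENGE_LEN] = {0};
    if (secure_challenge(a) != 0 || secure_challenge(b) != 0)
        return 0;
    return memcmp(a, b, CHALLENGE_LEN) != 0 &&
           memcmp(a, zero, CHALLENGE_LEN) != 0;
}

static void hexdump(const char *label, const uint8_t *p)
{
    printf("%-26s", label);
    for (size_t i = 0; i < CHALLENGE_LEN; i++)
        printf("%02x", p[i]);
    putchar('\n');
}

int main(void)
{
    uint8_t c[CHALLENGE_LEN];
    weak_challenge_fresh_process(c);
    hexdump("daemon (rand, no srand):", c);
    predict_weak_challenge(c, 0);
    hexdump("attacker prediction:", c);
    printf("weak predictable: %d\n", weak_is_predictable());
    if (secure_challenge(c) == 0)
        hexdump("/dev/urandom:", c);
    printf("secure unpredictable: %d\n", secure_is_unpredictable());
    return 0;
}
```

The two lines of the hex dump for the weak path print identical bytes on any libc, which is the whole finding: the attacker needs no network observation, only the knowledge that srand() was never called. The secure path returns an error instead of degrading; a resolver or target daemon that cannot get kernel randomness should refuse to start rather than silently use rand().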
Desdev DedeCMS security vulnerability
DedeCMS is a popular content management system widely used to create and manage website content in scenarios such as corporate websites and personal blogs. A code injection vulnerability exists in the article_template_rand.php file in DedeCMS version 5.7.114. The...
CVE-2024-34722
In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to an incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2024-26136
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a possible authentication bypass during legacy BLE pairing due to an incorrect implementation of a protocol in the smp_proc_rand...
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks a random number generator may be seeded with too little data.
...
UBUNTU-CVE-2024-4772
An HTTP digest authentication nonce value was generated using rand(), which could lead to predictable values. This vulnerability affects Firefox < 126...
PT-2024-21352 · Chilkat · Chilkat
Name of the Vulnerable Software and Affected Versions: Chilkat versions prior to 9.5.0.98. Description: The issue allows attackers to obtain sensitive information via a predictable PRNG in the ChilkatRand::randomBytes function. Recommendations: For versions prior to 9.5.0.98, update to version...
ROS-20240404-02
A vulnerability in the ares_inet_net_pton function of the c-ares asynchronous DNS query library is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, violate its integrity, and cause a...
BIT-GOLANG-2022-30634 Indefinite hang with large buffers on Windows in crypto/rand
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows an attacker to cause an indefinite hang by passing a buffer larger than 1<<32 - 1 bytes...
EulerOS Virtualization 2.11.0 : c-ares (EulerOS-SA-2023-3066)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...
EulerOS Virtualization 2.10.1 : c-ares (EulerOS-SA-2023-2913)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...
EulerOS Virtualization 2.11.1 : c-ares (EulerOS-SA-2023-3049)
According to the versions of the c-ares package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2828)
The remote host is missing an update for the Huawei EulerOS c-ares package...
Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2023-2780)
The remote host is missing an update for the Huawei EulerOS c-ares package...
Rocky Linux 8 : nodejs:18 (RLSA-2023:4035)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4035 advisory. - A flaw was found in the c-ares package. ares_set_sortlist is missing checks on the validity of the input string, which allows a possible arbitrar...