
351 matches found

Snyk
added 2022/05/18 9:28 a.m., 1 view

Inadequate Encryption Strength

Overview: randompasswordgenerator generates a random password with various useful options. Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of Kernelrand to generate passwords, which, as a result of its cyclic nature, can facilitate password...

CVSS 7.5, AI score 7, EPSS 0.00338
Exploits: 1, References: 2

GitHub Security Blog
added 2022/05/17 2:57 a.m., 19 views

Froxlor guessable password reset token

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVSS 9.8, AI score 7.1, EPSS 0.00288
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2022/05/17 2:57 a.m., 20 views

GHSA-QJ6H-M7XC-R2V3 Froxlor guessable password reset token

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value...

CVSS 9.8, AI score 9.5, EPSS 0.00288
Exploits: 0, References: 3

OSV
added 2021/12/27 12:15 a.m., 1 view

CVE-2021-45705

An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 2

OSV
added 2021/11/30 10:15 a.m., 8 views

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 1

NVD
added 2021/11/30 10:15 a.m., 8 views

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

CVSS 9.8, EPSS 0.0136
Exploits: 0, References: 1

Prion
added 2021/11/30 10:15 a.m., 14 views

Command injection

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

CVSS 7.5, AI score 9.6, EPSS 0.0136
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2021/11/30 9:30 a.m., 113 views

CVE-2021-3727

CVE-2021-3727 concerns the ohmyzsh rand-quote and hitokoto plugins. The description states that quotes fetched from external APIs (quotationspage.com and hitokoto.cn) could, if containing certain symbols, trigger a command injection when processed and printed via print -P. The root cause is not d...

CVSS 9.8, AI score 9, EPSS 0.0136
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/11/30 9:30 a.m., 12 views

CVE-2021-3727 OS Command Injection in ohmyzsh/ohmyzsh

Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...

CVSS 7.5, AI score 9.9, EPSS 0.0136
Exploits: 0, References: 1

CNNVD
added 2021/11/30 12:00 a.m., 2 views

ohmyzsh operating system command injection vulnerability

ohmyzsh is an open source, community-driven framework for managing your zsh configuration. ohmyzsh suffers from an operating system command injection vulnerability that can be exploited by an attacker to trigger command injection via the rand-quote and hitokoto plugins...

CVSS 9.8, AI score 8.4, EPSS 0.0136
Exploits: 0, References: 2

OSV
added 2021/09/07 7:15 a.m., 2 views

DEBIAN-CVE-2021-34146

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart crash of the device by flooding it with LMPAURand packets after the pagi...

CVSS 6.5, AI score 6.4, EPSS 0.00101
Exploits: 0, References: 1

NVD
added 2021/07/08 3:15 a.m., 10 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 7.5, EPSS 0.00139
Exploits: 1, References: 1

OSV
added 2021/07/08 3:15 a.m., 9 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 7.5, AI score 7
Exploits: 0, References: 1

Prion
added 2021/07/08 3:15 a.m., 6 views

Open redirect

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

CVSS 5, AI score 7.5, EPSS 0.00139
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/07/08 3:00 a.m., 11 views

CVE-2021-34430

Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic...

AI score 7.7, EPSS 0.00139
Exploits: 1, References: 1

Huntr
added 2021/06/29 1:40 p.m., 5 views

in w7corp/easywechat

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

AI score 1.4
Exploits: 0, References: 1

OpenVAS
added 2021/04/16 12:00 a.m., 11 views

openSUSE: Security Advisory for froxlor (openSUSE-SU-2021:0415-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8, AI score 9.6, EPSS 0.00288
Exploits: 0, References: 2

OPENSUSE Linux
added 2021/03/19 12:00 a.m., 16 views

Security update for froxlor (moderate)

openSUSE Security Update: Security update for froxlor Announcement ID: openSUSE-SU-2021:0450-1 Rating: moderate References: 1025193 1082318 846355 958100 Cross-References: CVE-2016-5100 CVSS scores: CVE-2016-5100 NVD : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE...

CVSS 9.8, AI score 9.8, EPSS 0.00288
Exploits: 0, References: 4

Tenable Nessus
added 2021/03/17 12:00 a.m., 19 views

openSUSE Security Update : froxlor (openSUSE-2021-415)

This update for froxlor fixes the following issues : - Upstream upgrade to version 0.10.23 boo846355 - Upstream upgrade to version 0.10.22 boo846355 - BuildRequire cron as this contains now the cron directories - Use %license for COPYING file instead of %doc boo1082318 Upstream upgrade to version...

CVSS 9.8, AI score 8.2, EPSS 0.00288
Exploits: 0, References: 5

OPENSUSE Linux
added 2021/03/16 12:00 a.m., 25 views

Security update for froxlor (moderate)

openSUSE Security Update: Security update for froxlor Announcement ID: openSUSE-SU-2021:0415-1 Rating: moderate References: 1025193 1082318 846355 958100 Cross-References: CVE-2016-5100 CVSS scores: CVE-2016-5100 NVD : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE...

CVSS 9.8, AI score 9.8, EPSS 0.00288
Exploits: 0, References: 4