Joomla 1.6.x < 3.9.25 Multiple Vulnerabilities (5834-joomla-3-9-25)
According to its self-reported version, the instance of Joomla! running on the remote web server is 1.6.x prior to 3.9.25. It is, therefore, affected by multiple vulnerabilities. - An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand function within the process of...
Design/Logic Flaw
An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand function within the process of generating the 2FA secret...
CVE-2021-23126
CVE-2021-23126 applies to Joomla! core in versions 3.2.0 through 3.9.24, where the 2FA secret is generated with PHP's non-cryptographic rand() function, so the secret is predictable to anyone who can narrow down the generator's state. M...
PT-2021-15381 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.2.0 through 3.9.24 Description: An issue was discovered in the usage of the insecure rand function within the process of generating the 2FA secret. Recommendations: For versions 3.2.0 through 3.9.24, consider updating to a...
AZL-41851 CVE-2021-27378 affecting package librsvg2 for versions less than 2.58.1-1
An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...
Rust rand_core Security Feature Issue Vulnerability
Rust is a general-purpose, compiled programming language originally developed at the Mozilla Foundation. A security-feature (randomness) vulnerability exists in the Rust rand_core crate: read_u32_into and read_u64_into mishandle their buffer-length checks, so a random number generator may be seeded with less entropy than the caller intended. The...
Security update for rclone (moderate)
openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2021:0272-1 Rating: moderate References: 1179005 Cross-References: CVE-2020-28924 CVSS scores: CVE-2020-28924 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Backports SLE-15-SP2 A...
FreeBSD : glpi -- weak csrf tokens (b64edef7-3b10-11eb-af2a-080027dbe4b7)
MITRE Corporation reports : In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6. © Tenable Network Security, Inc. The...
Security update for rclone (moderate)
openSUSE Security Update: Security update for rclone Announcement ID: openSUSE-SU-2020:2168-1 Rating: moderate References: 1179005 Cross-References: CVE-2020-28924 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This update fo...
Logic flaw in the O2OA system of Zhejiang LANDZONE Network Technology Co., Ltd.
The business scope of Zhejiang LANDZONE Network Technology Co., Ltd. includes: the development of computer software, network technology and its products, technical services, computer system integration, intelligent building system technical services and so on. There is a logic flaw vulnerability ...
openSUSE Security Update : rclone (openSUSE-2020-2008)
This update for rclone fixes the following issues : rclone was updated to version 1.53.3 : - Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo1179005 Nick Craig-Wood - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by...
CVE-2019-19794
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries...
DEBIAN-CVE-2020-25576
An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints...
Debian DLA-2318-1 : wpa security update
The following CVEs have been reported against src:wpa. CVE-2019-10064 hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjuncti...
Exploit for Improper Authentication in Citrix Application_Delivery_Controller_Firmware
citrix_adc_netscaler_lfi_scan This Metas...
CVE-2020-11035
In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...
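The pattern that recurs in the Joomla! 2FA-secret, GLPI CSRF-token, rclone and miekg/dns entries above is the same one: a token that must be unguessable is drawn from a non-cryptographic PRNG whose state an attacker can reproduce. The Go program below is an added example, not code from any of those projects. It models the weak case with math/rand seeded from a guessable value (a timestamp), shows that a second party with the same seed reproduces both a base32 "2FA secret" and a run of 16-bit DNS-style transaction IDs, recovers the seed by brute force from one observed secret over a constructed window of candidate seeds, and then shows the fix the rclone changelog names, crypto/rand. The function names weakSecret, weakTxid, predictWeakTxids, bruteForceSeed, strongSecret and strongTxid are hypothetical.

```go
package main

import (
	"crypto/rand"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	mrand "math/rand"
)

// b32 renders secret bytes the way TOTP secrets are usually shown (base32, no padding).
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// weakSecret is the vulnerable pattern: a "2FA secret" from math/rand seeded with a
// small, guessable value. The same seed always yields the same secret.
func weakSecret(seed int64, nBytes int) string {
	r := mrand.New(mrand.NewSource(seed))
	buf := make([]byte, nBytes)
	r.Read(buf) // (*Rand).Read is fully determined by the seed
	return b32.EncodeToString(buf)
}

// weakTxid mirrors the DNS case: a 16-bit transaction ID drawn from math/rand.
func weakTxid(r *mrand.Rand) uint16 { return uint16(r.Intn(1 << 16)) }

// predictWeakTxids shows the forgery precondition: an attacker who knows the seed
// produces exactly the victim's next n transaction IDs.
func predictWeakTxids(seed int64, n int) (victim, attacker []uint16) {
	v := mrand.New(mrand.NewSource(seed))
	a := mrand.New(mrand.NewSource(seed))
	for i := 0; i < n; i++ {
		victim = append(victim, weakTxid(v))
		attacker = append(attacker, weakTxid(a))
	}
	return victim, attacker
}

// bruteForceSeed recovers a timestamp seed from one observed secret by
// regenerating candidates over a window of seconds (the window is constructed
// for the demo; a real attacker would use the account-creation time).
func bruteForceSeed(observed string, from, to int64, nBytes int) (int64, bool) {
	for s := from; s <= to; s++ {
		if weakSecret(s, nBytes) == observed {
			return s, true
		}
	}
	return 0, false
}

// strongSecret is the hardened form: bytes from the OS CSPRNG via crypto/rand.
// There is no seed to guess, so bruteForceSeed has nothing to search.
func strongSecret(nBytes int) (string, error) {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return b32.EncodeToString(buf), nil
}

// strongTxid is the hardened DNS transaction ID: 16 bits from crypto/rand.
func strongTxid() (uint16, error) {
	var b [2]byte
	if _, err := rand.Read(b[:]); err != nil {
		return 0, err
	}
	return binary.BigEndian.Uint16(b[:]), nil
}

func main() {
	const createdAt = int64(1700000123) // constructed "account creation" timestamp
	observed := weakSecret(createdAt, 20)
	seed, ok := bruteForceSeed(observed, createdAt-600, createdAt+600, 20)
	fmt.Printf("weak secret %s; seed recovered=%v (%d)\n", observed, ok, seed)

	v, a := predictWeakTxids(createdAt, 4)
	fmt.Printf("victim txids %v, attacker txids %v\n", v, a)

	s, err := strongSecret(20)
	if err != nil {
		panic(err)
	}
	id, _ := strongTxid()
	fmt.Printf("strong secret %s, strong txid %d\n", s, id)
}
```

The window of candidate seeds is the attacker's only cost; with a timestamp seed it is seconds to minutes wide, which is why seeding a non-cryptographic PRNG better does not fix the pattern and swapping in crypto/rand does.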
ingersollrand.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1135879. Security researcher ELProfesor (helped patch 2791 vulnerabilities, received 8 Coordinated Disclosure badges and 106 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting ingersollrand.com...
CVE-2020-10560
An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...
Design/Logic Flaw
An issue was discovered in Open Source Social Network OSSN through 5.3. A user-controlled file path with a weak cryptographic rand can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the...