Jenkins Plugin Azure AD Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

CentOS 8 : nodejs:16 (CESA-2023:4034)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:4034 advisory. - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as see...

crypto-js uses insecure random numbers

The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

Integer overflow

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

CVE-2020-36732

CVE-2020-36732 affects crypto-js used in IBM-related deployments. The underlying issue: crypto-js versions before 3.2.1 for Node.js generate random numbers by concatenating the string "0." with an integer, yielding less randomness than expected. The NVD metrics show a base score of 5.3 (Medium) w...

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

WordPress Plugin Frontend File Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

AZL-26870 CVE-2023-31147 affecting package fluent-bit for versions less than 2.1.10-1

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

CVE-2023-31147

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

PT-2023-23180

Name of the Vulnerable Software and Affected Versions c-ares versions prior to 1.19.1 Description The issue arises when /dev/urandom or RtlGenRandom are unavailable, and c-ares uses rand to generate random numbers for DNS query ids. This approach is not a Cryptographically Secure PseudoRandom...

Use of block.timestamp

Lines of code Vulnerability details Impact Block timestamps have a purpose for a variety of applications, such as entropy for random numbers see the Entropy Illusion for further details, locking funds for periods of time, and various state-changing conditional statements that are time-dependent...

WordPress TF Random Numbers Plugin < 2.0.1 is vulnerable to Broken Access Control

Software TF Random Numbers Type Plugin Vulnerable versions 2.0.1 Fixed in 2.0.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0889 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 611153a666ff Credits dc11 Required privilege...

TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update

The plugin does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the...

SUSE CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a...

SUSE CVE-2019-9898

Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71...

SUSE CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

CVE-2016-15006

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator prng. The attack may be...

WordPress WP Affiliate Platform plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...