Lucene search
K

104 matches found

UbuntuCve
UbuntuCve
added 2023/06/19 12:0 a.m.78 views

CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

4.3CVSS6.3AI score0.00709EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-21469 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules...

9.1CVSS6.9AI score0.00811EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.3 views

SUSE CVE-2013-4788

The PTRMANGLE implementation in the GNU C Library aka glibc or libc6 2.4, 2.17, and earlier, and Embedded GLIBC EGLIBC does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...

5.1CVSS7.8AI score0.11428EPSS
Exploits2References9
Prion
Prion
added 2022/12/06 6:15 p.m.15 views

Design/Logic Flaw

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

5CVSS7.5AI score0.00791EPSS
Exploits0References3Affected Software1
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.17 views

Weak randomness

Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...

6.8AI score
Exploits0
OSV
OSV
added 2022/07/13 4:17 p.m.8 views

SUSE-SU-2020:0948-2 Security update for gmp, gnutls, libnettle

This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello bsc1168345 FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode...

7.4CVSS7.3AI score0.03388EPSS
Exploits0References6
CNVD
CNVD
added 2022/07/13 12:0 a.m.25 views

Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Security Feature Issue Vulnerability (CNVD-2022-84616)

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...

9.8CVSS0.9AI score0.01101EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/07/11 12:0 a.m.6 views

Dell BSAFE 安全特征问题漏洞

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...

9.8CVSS5.5AI score0.01101EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2021/10/04 12:0 a.m.27 views

strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache

Strongswan Release Notes reports: Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Fixed a denial-of-service vulnerability ...

7.5CVSS2.4AI score0.06438EPSS
Exploits0References2
OSV
OSV
added 2021/05/24 6:15 p.m.3 views

CVE-2020-26557

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol to determine the AuthValue via a brute-force attack unless the AuthValue is sufficiently random and changed each time...

7.5CVSS5.8AI score0.00828EPSS
Exploits0References3
OSV
OSV
added 2021/05/05 1:15 p.m.12 views

CVE-2021-29245

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...

5.3CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2021/05/05 12:25 p.m.45 views

CVE-2021-29245

BTCPay Server prior to or including 1.0.7.0 uses a weak method (Next) to generate pseudo-random values for a legacy API key, which is the root cause of this CVE. The supplied connected documents confirm the affected product/version and the underlying issue; no explicit exploitation details or rem...

5.3CVSS5.2AI score0.00945EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2020/12/08 12:0 a.m.82 views

Schneider Electric Modicon M221 Programmable Logic Controller

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...

9.8CVSS6.5AI score0.00719EPSS
Exploits0References5
CNNVD
CNNVD
added 2020/11/19 12:0 a.m.5 views

Schneider Electric Modicon M221 Security Breach

The Schneider Electric Modicon M221 is a programmable logic controller from Schneider Electric, France. The Modicon M221 has a security vulnerability that stems from the presence of a small-space random-value vulnerability, which can be exploited by an attacker to defeat an encryption key when...

7.3CVSS7.1AI score0.0029EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/09 7:44 p.m.14 views

Security Bulletin: IBM Security Guardium is affected by a Use of Insufficiently Random Value vulnerability

Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-4188 DESCRIPTION: IBM Security Guardium may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. CVSS Base score: 5.3 CVSS Temporal...

5.3CVSS0.5AI score0.01067EPSS
Exploits0Affected Software1
NVD
NVD
added 2020/08/11 7:15 p.m.32 views

CVE-2020-8918

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...

7.1CVSS6.4AI score0.0018EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/04/30 5:38 p.m.2 views

gnutls: DTLS client hello contains a random value of all zeroes

A cryptographic weakness was found in the way DLTS implementation of GnuTLS, used zeros in place of random numbers. This flaw can break the security guarantee of the DTLS protocol...

7.4CVSS7.3AI score0.03388EPSS
Exploits0References5
CNVD
CNVD
added 2019/05/22 12:0 a.m.3 views

Modicon M580/M340/Premium/Quantum Insufficient Random Value Usage Vulnerability

The Schneider Electric Modicon M580 is a programmable automation controller.The Schneider Electric Modicon Premium is a large programmable logic controller PLC for discrete or process applications.The Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process...

6.5CVSS6.8AI score0.0193EPSS
Exploits0References1
OSV
OSV
added 2019/04/29 3:29 p.m.1 views

DEBIAN-CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9CVSS6AI score0.01496EPSS
Exploits0References1
OSV
OSV
added 2019/04/29 3:29 p.m.3 views

ALPINE-CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...

5.9CVSS8.9AI score0.01496EPSS
Exploits0References1
Rows per page
Query Builder