104 matches found
CVE-2023-3247
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...
PT-2023-21469 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules...
SUSE CVE-2013-4788
The PTRMANGLE implementation in the GNU C Library aka glibc or libc6 2.4, 2.17, and earlier, and Embedded GLIBC EGLIBC does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow...
Design/Logic Flaw
Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...
Weak randomness
Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...
SUSE-SU-2020:0948-2 Security update for gmp, gnutls, libnettle
This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello bsc1168345 FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode...
Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Security Feature Issue Vulnerability (CNVD-2022-84616)
Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...
Dell BSAFE 安全特征问题漏洞
Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...
strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache
Strongswan Release Notes reports: Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990. Fixed a denial-of-service vulnerability ...
CVE-2020-26557
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device without possession of the AuthValue used in the provisioning protocol to determine the AuthValue via a brute-force attack unless the AuthValue is sufficiently random and changed each time...
CVE-2021-29245
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key...
CVE-2021-29245
BTCPay Server prior to or including 1.0.7.0 uses a weak method (Next) to generate pseudo-random values for a legacy API key, which is the root cause of this CVE. The supplied connected documents confirm the affected product/version and the underlying issue; no explicit exploitation details or rem...
Schneider Electric Modicon M221 Programmable Logic Controller
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable from an adjacent network Vendor: Schneider Electric Equipment: Modicon M221 Programmable Logic Controller Vulnerabilities: Inadequate Encryption Strength, Small Space of Random Values, Missing Encryption of Sensitive Data, Exposure of...
Schneider Electric Modicon M221 Security Breach
The Schneider Electric Modicon M221 is a programmable logic controller from Schneider Electric, France. The Modicon M221 has a security vulnerability that stems from the presence of a small-space random-value vulnerability, which can be exploited by an attacker to defeat an encryption key when...
Security Bulletin: IBM Security Guardium is affected by a Use of Insufficiently Random Value vulnerability
Summary IBM Security Guardium has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-4188 DESCRIPTION: IBM Security Guardium may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. CVSS Base score: 5.3 CVSS Temporal...
CVE-2020-8918
An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and...
gnutls: DTLS client hello contains a random value of all zeroes
A cryptographic weakness was found in the way DLTS implementation of GnuTLS, used zeros in place of random numbers. This flaw can break the security guarantee of the DTLS protocol...
Modicon M580/M340/Premium/Quantum Insufficient Random Value Usage Vulnerability
The Schneider Electric Modicon M580 is a programmable automation controller.The Schneider Electric Modicon Premium is a large programmable logic controller PLC for discrete or process applications.The Schneider Electric Modicon Quantum is a large programmable logic controller PLC for process...
DEBIAN-CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...
ALPINE-CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...