Lucene search
+L

328 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/01/29 10:54 a.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]

Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...

6.8CVSS6.3AI score0.00736EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/01/21 11:54 p.m.17 views

CVE-2025-22150

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

6.8CVSS6.3AI score0.00736EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2025/01/21 9:10 p.m.51 views

Use of Insufficiently Random Values in undici

Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...

6.8CVSS6.6AI score0.00736EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2025/01/21 6:15 p.m.14 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8CVSS0.00736EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/01/21 5:46 p.m.36 views

CVE-2025-22150 Undici Uses Insufficiently Random Values

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8CVSS0.00736EPSS
Exploits0References7
CVE
CVE
added 2025/01/21 5:46 p.m.616 views

CVE-2025-22150

Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...

6.8CVSS6.4AI score0.00736EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/01/21 5:46 p.m.34 views

CVE-2025-22150 Undici Uses Insufficiently Random Values

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8CVSS6.3AI score0.00736EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/01/21 5:46 p.m.11 views

CVE-2025-22150

Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...

6.8CVSS7AI score0.00736EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.10 views

Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2018-13280)

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non- HTTPS sessions via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

7.4CVSS6.8AI score0.00634EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.24 views

Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2023-2729)

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager DSM before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. This plugin only works with Tenable.ot. Please visit...

7.5CVSS7.8AI score0.00875EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/08/12 11:33 a.m.40 views

CVE-2024-42165 Arbitrary User Activation

Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...

6.3CVSS0.00359EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/12 11:21 a.m.41 views

CVE-2024-42163 Password Manipulation

Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...

8.3CVSS0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/12 11:21 a.m.15 views

CVE-2024-42163 Password Manipulation

Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...

8.3CVSS7.1AI score0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/08/11 2:31 a.m.13 views

CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

6.3CVSS6.9AI score0.00786EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/08/11 2:31 a.m.27 views

CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

6.3CVSS0.00786EPSS
Exploits0References5
CVE
CVE
added 2024/08/11 2:31 a.m.59 views

CVE-2024-7659

CVE-2024-7659 (projectsend) affects the Password Reset Token Handler: the function generate_random_string in includes/functions.php produces insufficiently random values. This can be exploited remotely, affecting projectsend up to version r1605 . The issue is addressed by upgrading to version r17...

7.5CVSS4.2AI score0.00786EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/08/11 2:31 a.m.13 views

CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values

A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...

6.3CVSS4.7AI score0.00786EPSS
Exploits0References7
CNVD
CNVD
added 2024/08/02 12:0 a.m.5 views

Unspecified vulnerability in Linux kernel (CNVD-2024-35101)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the bpf module in the BPFCOREREADBITFIELD macro, where the variable val may be uninitialized. This could...

6.3CVSS6.6AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2024/07/30 8:15 a.m.5 views

UBUNTU-CVE-2024-42161

In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPFCOREREADBITFIELD Changes from V1: - Use a default branch in the switch statement to initialize val'. GCC warns that val' may be used uninitialized in the BPFCREREADBITFIELD macro, defined in...

6.3CVSS6.3AI score0.0022EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2024/07/29 12:0 a.m.13 views

Dahua Security Cameras Use of Insufficiently Random Values (CVE-2020-9502)

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. This plugin only works with Tenable.ot. Please visit...

9.8CVSS7.4AI score0.01719EPSS
Exploits0References2
Rows per page
Query Builder