328 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to use of insufficient random values [CVE-2025-22150]
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container for http calls. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands are vulnerable to use of insufficient random values. This bulletin provides...
CVE-2025-22150
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
Use of Insufficiently Random Values in undici
Impact Undici fetch uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled websit...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150 Undici Uses Insufficiently Random Values
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150
Undici (HTTP/1.1 client) is affected by CVE-2025-22150 in versions prior to 5.28.5, 6.21.1, and 7.2.3 due to using Math.random() to generate multipart/form-data boundaries. This can enable an attacker-controlled endpoint to tamper with requests if specific conditions are met, potentially affectin...
CVE-2025-22150 Undici Uses Insufficiently Random Values
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If...
Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2018-13280)
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non- HTTPS sessions via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
Synology DiskStation Manager Use of Insufficiently Random Values (CVE-2023-2729)
Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager DSM before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors. This plugin only works with Tenable.ot. Please visit...
CVE-2024-42165 Arbitrary User Activation
Insufficiently random values for generating activation token in FIWARE Keyrock = 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2024-42163 Password Manipulation
Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...
CVE-2024-42163 Password Manipulation
Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
CVE-2024-7659
CVE-2024-7659 (projectsend) affects the Password Reset Token Handler: the function generate_random_string in includes/functions.php produces insufficiently random values. This can be exploited remotely, affecting projectsend up to version r1605 . The issue is addressed by upgrading to version r17...
CVE-2024-7659 projectsend Password Reset Token functions.php generate_random_string random values
A vulnerability, which was classified as problematic, was found in projectsend up to r1605. Affected is the function generaterandomstring of the file includes/functions.php of the component Password Reset Token Handler. The manipulation leads to insufficiently random values. It is possible to...
Unspecified vulnerability in Linux kernel (CNVD-2024-35101)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the bpf module in the BPFCOREREADBITFIELD macro, where the variable val may be uninitialized. This could...
UBUNTU-CVE-2024-42161
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPFCOREREADBITFIELD Changes from V1: - Use a default branch in the switch statement to initialize val'. GCC warns that val' may be used uninitialized in the BPFCREREADBITFIELD macro, defined in...
Dahua Security Cameras Use of Insufficiently Random Values (CVE-2020-9502)
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. This plugin only works with Tenable.ot. Please visit...