Lucene search
K

328 matches found

ICS
ICS
added 2018/10/11 12:0 a.m.500 views

NUUO CMS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials 2. RISK...

9.8CVSS1.1AI score0.29639EPSS
Exploits2References36
ICS
ICS
added 2018/10/11 12:0 a.m.525 views

NUUO CMS (Update A)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS --------- Begin Update A Part 1 of 3 -------- Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical...

9.8CVSS10AI score0.60791EPSS
Exploits12References5
CNVD
CNVD
added 2018/08/09 12:0 a.m.6 views

MyCryptoChamp Information Disclosure Vulnerability

MyCryptoChamp is an ethereum-based blockchain game. An information disclosure vulnerability exists in the 'randMod' function in MyCryptoChamp's smart contract implementation, which stems from the fact that the 'randMod' function generates a publicly readable variable containing a public readable...

9.3CVSS5.6AI score0.04868EPSS
Exploits1References1
Prion
Prion
added 2018/07/30 2:29 p.m.22 views

Design/Logic Flaw

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...

4.3CVSS5.6AI score0.00634EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/07/30 12:0 p.m.51 views

CVE-2018-13280

CVE-2018-13280 affects Synology DiskStation Manager (DSM) prior to version 6.2-23739. The root cause is the use of insufficiently random values in SYNO.Encryption.GenRandomKey, which can allow remote attackers to perform a man-in-the-middle attack on non-HTTPS sessions. Practical impact stated is...

7.4CVSS5.6AI score0.00634EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/06/30 3:29 a.m.3 views

CVE-2017-6026

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...

9.1CVSS5.8AI score0.3182EPSS
Exploits5References3
Prion
Prion
added 2017/06/30 3:29 a.m.20 views

Session fixation

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...

6.4CVSS9AI score0.3182EPSS
Exploits5References3Affected Software2
NVD
NVD
added 2017/06/30 3:29 a.m.12 views

CVE-2017-6026

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...

9.1CVSS9.2AI score0.3182EPSS
Exploits5References3
Cvelist
Cvelist
added 2017/06/30 2:35 a.m.19 views

CVE-2017-6026

A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...

9.1AI score0.3182EPSS
Exploits5References3
ICS
ICS
added 2017/03/30 12:0 a.m.73 views

Schneider Electric Modicon PLCs

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon PLCs Vulnerability: Predictable Value Range from Previous Values, Use of Insufficiently Random Values, Insufficiently Protected Credentials AFFECTED PRODUCTS The following version...

9.1CVSS8.6AI score0.3182EPSS
Exploits5References3
OSV
OSV
added 2016/09/07 6:59 p.m.4 views

DEBIAN-CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

6.5CVSS6.5AI score0.01497EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2016/09/07 6:59 p.m.17 views

CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

6.5CVSS6.8AI score0.01497EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2016/09/07 6:0 p.m.37 views

CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

6.5CVSS6.3AI score0.01497EPSS
Exploits0
Cvelist
Cvelist
added 2016/09/07 6:0 p.m.20 views

CVE-2016-6345

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...

6AI score0.01497EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2016/09/01 12:48 a.m.23 views

CVE-2016-6345

It was found that there was insufficient use of randam values in RESTEasy async jobs. An attacker could use this flaw to steal user data. Mitigation Dont enable Async Jobs Service as details in the section, "2.10. RESTEASY ASYNCHRONOUS JOB SERVICE" of JBoss EAP 7 Developing Web Services...

6.5CVSS1AI score0.01497EPSS
Exploits0References1
OSV
OSV
added 2016/01/25 11:59 a.m.4 views

CVE-2016-1618

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...

6.5CVSS7.3AI score
Exploits0References12
OSV
OSV
added 2016/01/22 12:0 a.m.2 views

UBUNTU-CVE-2016-1618

Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...

6.5CVSS7AI score0.01341EPSS
Exploits0References4
NVD
NVD
added 2015/11/17 3:59 p.m.15 views

CVE-2015-5276

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

5CVSS7.6AI score0.02941EPSS
Exploits0References5
Prion
Prion
added 2015/11/17 3:59 p.m.17 views

Design/Logic Flaw

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

5CVSS6.7AI score0.02941EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2015/11/17 3:59 p.m.28 views

CVE-2015-5276

The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

5CVSS6.9AI score0.02941EPSS
Exploits0References2
Rows per page
Query Builder