328 matches found
NUUO CMS
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical Resource, Use of Hard-coded Credentials 2. RISK...
NUUO CMS (Update A)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: NUUO Equipment: CMS --------- Begin Update A Part 1 of 3 -------- Vulnerabilities: Use of Insufficiently Random Values, Use of Obsolete Function, Incorrect Permission Assignment for Critical...
MyCryptoChamp Information Disclosure Vulnerability
MyCryptoChamp is an ethereum-based blockchain game. An information disclosure vulnerability exists in the 'randMod' function in MyCryptoChamp's smart contract implementation, which stems from the fact that the 'randMod' function generates a publicly readable variable containing a public readable...
Design/Logic Flaw
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager DSM before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors...
CVE-2018-13280
CVE-2018-13280 affects Synology DiskStation Manager (DSM) prior to version 6.2-23739. The root cause is the use of insufficiently random values in SYNO.Encryption.GenRandomKey, which can allow remote attackers to perform a man-in-the-middle attack on non-HTTPS sessions. Practical impact stated is...
CVE-2017-6026
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
Session fixation
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
CVE-2017-6026
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
CVE-2017-6026
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization an...
Schneider Electric Modicon PLCs
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Schneider Electric Equipment: Modicon PLCs Vulnerability: Predictable Value Range from Previous Values, Use of Insufficiently Random Values, Insufficiently Protected Credentials AFFECTED PRODUCTS The following version...
DEBIAN-CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6345
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs...
CVE-2016-6345
It was found that there was insufficient use of randam values in RESTEasy async jobs. An attacker could use this flaw to steal user data. Mitigation Dont enable Async Jobs Service as details in the section, "2.10. RESTEASY ASYNCHRONOUS JOB SERVICE" of JBoss EAP 7 Developing Web Services...
CVE-2016-1618
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
UBUNTU-CVE-2016-1618
Blink, as used in Google Chrome before 48.0.2564.82, does not ensure that a proper cryptographicallyRandomValues random number generator is used, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors...
CVE-2015-5276
The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...
Design/Logic Flaw
The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...
CVE-2015-5276
The std::randomdevice class in libstdc++ in the GNU Compiler Collection aka GCC before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...