
1305 matches found

RedhatCVE
added 2025/05/23 3:12 a.m., 5 views

CVE-2023-24478

Use of insufficiently random values for some Intel Agilex® software included as part of Intel® Quartus® Prime Pro Edition for Linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access...

CVSS 5.5, AI score 5.9, EPSS 0.00174
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:53 a.m., 11 views

CVE-2023-2729

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager DSM before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors...

CVSS 7.5, AI score 7, EPSS 0.00875
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 1:51 a.m., 5 views

CVE-2023-2418

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The...

CVSS 5.9, AI score 6.9, EPSS 0.00726
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:57 a.m., 14 views

CVE-2022-43485

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1...

CVSS 6.5, AI score 6.9, EPSS 0.00474
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:1 a.m., 9 views

CVE-2022-43501

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones...

CVSS 9.1, AI score 6.8, EPSS 0.00565
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:0 p.m., 7 views

CVE-2022-23472

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

CVSS 7.5, AI score 6.8, EPSS 0.00791
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:23 p.m., 5 views

CVE-2021-29499

SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...

CVSS 7.5, AI score 6.8, EPSS 0.00958
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 4:34 p.m., 8 views

CVE-2020-27213

An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existin...

CVSS 7.5, AI score 6.9, EPSS 0.00973
Exploits: 1

RedhatCVE
added 2025/05/22 10:38 a.m., 3 views

CVE-2019-25089

A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version...

CVSS 7.5, AI score 6.9, EPSS 0.00647
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 5:18 a.m., 6 views

CVE-2012-1598

Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."...

CVSS 7.5, AI score 6.9, EPSS 0.01265
Exploits: 0, References: 1

RedHat Linux
added 2025/05/13 2:13 p.m., 34 views

avahi: Avahi Wide-Area DNS Predictable Transaction IDs

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...

CVSS 5.3, AI score 5.7, EPSS 0.00681
Exploits: 0, References: 5

SUSE CVE
added 2025/05/08 11:50 a.m., 3 views

SUSE CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

CVSS 5.3, AI score 6.3, EPSS 0.00455
Exploits: 1, References: 3

Veracode
added 2025/05/07 5:59 p.m., 5 views

Insecure Randomness

Formidable is vulnerable to Insecure Randomness. The vulnerability is due to weak randomness due to the use of the non-cryptographically secure hexoid module for generating temporary filenames for untrusted content...

CVSS 3.1, AI score 3.7, EPSS 0.00357
Exploits: 1, References: 5, Affected Software: 1

ATTACKERKB
added 2025/05/03 11:15 a.m., 4 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand...

CVSS 5.3, AI score 6.3, EPSS 0.00455
Exploits: 1, References: 14, Affected Software: 1

CNNVD
added 2025/05/03 12:0 a.m., 7 views

Mojolicious Security Vulnerability

Mojolicious is an open source Perl-based real-time web framework. A security vulnerability exists in Mojolicious 9.39 and earlier versions, which stems from the use of an insecure rand function to generate weak HMAC session keys, which could lead to brute-force breaking of session keys...

CVSS 5.3, AI score 6.2, EPSS 0.00455
Exploits: 1, References: 10

IBM Security Bulletins
added 2025/04/29 2:0 a.m., 59 views

Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps

Summary: Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.5.1. Vulnerability Details: CVEID: CVE-2021-3538. DESCRIPTION: go.uuid could allow a remote attacker to obtain sensitive information, caused by the use of insecure randomness in the g.rand.Read function. By utilize...

CVSS 9.8, AI score 10, EPSS 0.03168
Exploits: 4, Affected Software: 1

NVD
added 2025/04/25 6:15 a.m., 27 views

CVE-2025-3923

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...

CVSS 5.3, EPSS 0.00333
Exploits: 0, References: 3

Vulnrichment
added 2025/04/25 5:25 a.m., 5 views

CVE-2025-3923 Prevent Direct Access – Protect WordPress Files <= 2.8.8 - Unauthenticated Sensitive Information Exposure

The Prevent Direct Access – Protect WordPress Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.8 via the 'generateuniquestring' due to insufficient randomness of the generated file name. This makes it possible for unauthenticated...

CVSS 5.3, AI score 6.9, EPSS 0.00333
Exploits: 0, References: 3

Snyk
added 2025/04/19 1:42 a.m., 2 views

Insecure Randomness

Overview: Affected versions of this package are vulnerable to Insecure Randomness due to its use of the hexoid function in the generation of fingerprint IDs. Remediation: A fix was pushed into the master branch but not yet published. References: GitHub Commit, Vulnerability Report. Credit: ZAST.AI...

CVSS 8.8, AI score 6.9, EPSS 0.00357
Exploits: 1, References: 2

CNNVD
added 2025/04/16 12:0 a.m., 2 views

Delta Electronics COMMGR Security Vulnerability

Delta Electronics COMMGR is a communication management software from Delta Electronics China. A code execution vulnerability exists in Delta Electronics COMMGR that stems from insufficient randomness in session ID generation, which can be exploited by an attacker to brute-force break the session ...

CVSS 9.8, AI score 7.6, EPSS 0.00624
Exploits: 0, References: 2