1305 matches found
CVE-2025-1953 vLLM AIBrix Prefix Caching hash.go random values
A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...
AIBrix 安全特征问题漏洞
AIBrix is a cost-effective and pluggable infrastructure component for GenAI inference open-sourced by vLLM. AIBrix version 0.2.0 suffers from a security feature issue vulnerability that stems from the presence of an insufficient randomness issue...
RLSA-2025:1611 Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...
UBUNTU-CVE-2022-49698
In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate from user context, ie. localout path. BUG: using smpprocessorid in preemptible 00000000 code: nginx/2725 caller is...
CVE-2022-49698 netfilter: use get_random_u32 instead of prandom
In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate from user context, ie. localout path. BUG: using smpprocessorid in preemptible 00000000 code: nginx/2725 caller is...
RockyLinux 8 : nodejs:18 (RLSA-2025:1582)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1582 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...
undici: Undici Uses Insufficiently Random Values
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
Moderate: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...
Undici Uses Insufficiently Random Values
...
SUSE CVE-2023-1732
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
SUSE CVE-2023-3247
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...
undici: Undici Uses Insufficiently Random Values
A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...
ALSA-2025:1446 Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...
Moderate: nodejs:18 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 CVE-2023-45231: out-of-bounds...
CVE-2024-9312
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges...
CVE-2024-42163
Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...
Important: nodejs20
Issue Overview: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values...
CVE-2024-0761
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...