Lucene search
K

1305 matches found

Cvelist
Cvelist
added 2025/03/04 8:0 p.m.10 views

CVE-2025-1953 vLLM AIBrix Prefix Caching hash.go random values

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

2.6CVSS0.00278EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.2 views

AIBrix 安全特征问题漏洞

AIBrix is a cost-effective and pluggable infrastructure component for GenAI inference open-sourced by vLLM. AIBrix version 0.2.0 suffers from a security feature issue vulnerability that stems from the presence of an insufficient randomness issue...

2.6CVSS4.3AI score0.00278EPSS
Exploits0References8
OSV
OSV
added 2025/02/26 7:9 p.m.11 views

RLSA-2025:1611 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: Node.js Worker Thread Exposure via Diagnostics Channel CVE-2025-23083...

7.7CVSS6.1AI score0.01282EPSS
Exploits0References4
OSV
OSV
added 2025/02/26 7:1 a.m.1 views

UBUNTU-CVE-2022-49698

In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate from user context, ie. localout path. BUG: using smpprocessorid in preemptible 00000000 code: nginx/2725 caller is...

7.8CVSS6AI score0.00283EPSS
Exploits0References14
OSV
OSV
added 2025/02/26 2:24 a.m.8 views

CVE-2022-49698 netfilter: use get_random_u32 instead of prandom

In the Linux kernel, the following vulnerability has been resolved: netfilter: use getrandomu32 instead of prandom bh might occur while updating per-cpu rndstate from user context, ie. localout path. BUG: using smpprocessorid in preemptible 00000000 code: nginx/2725 caller is...

7.8CVSS4.9AI score0.00283EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/02/26 12:0 a.m.33 views

RockyLinux 8 : nodejs:18 (RLSA-2025:1582)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1582 advisory. undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 Tenable has...

6.8CVSS6.5AI score0.01282EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/02/17 12:52 p.m.3 views

undici: Undici Uses Insufficiently Random Values

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

6.8CVSS7.3AI score0.00736EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2025/02/17 12:52 p.m.26 views

Moderate: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.8CVSS6.6AI score0.01282EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2025/02/17 12:0 a.m.11 views

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

6.8CVSS6.7AI score0.01282EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2025/02/14 8:0 a.m.1 views

Undici Uses Insufficiently Random Values

...

6.8CVSS6.6AI score0.00736EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/14 7:2 a.m.3 views

SUSE CVE-2023-1732

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

5.3CVSS7.7AI score0.00386EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/14 6:57 a.m.4 views

SUSE CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

5.3CVSS5.2AI score0.00709EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2025/02/13 4:3 p.m.5 views

undici: Undici Uses Insufficiently Random Values

A flaw was found in the undici package for Node.js. Undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests t...

6.8CVSS7.3AI score0.00736EPSS
Exploits0References11
OSV
OSV
added 2025/02/13 12:0 a.m.16 views

ALSA-2025:1446 Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

6.8CVSS5.6AI score0.01282EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2025/02/13 12:0 a.m.21 views

Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

6.8CVSS6.7AI score0.01282EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2025/02/10 1:56 p.m.0 views

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 CVE-2023-45231: out-of-bounds...

8.3CVSS7.3AI score0.02084EPSS
Exploits1References36
RedhatCVE
RedhatCVE
added 2025/02/05 4:42 a.m.2 views

CVE-2024-9312

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges...

7.5CVSS6.7AI score0.0028EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 2:26 a.m.10 views

CVE-2024-42163

Insufficiently random values for generating password reset token in FIWARE Keyrock = 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link...

8.3CVSS7.1AI score0.00328EPSS
Exploits1References1
Amazon
Amazon
added 2025/02/05 12:0 a.m.5 views

Important: nodejs20

Issue Overview: Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses Math.random to choose the boundary for a multipart/form-data request. It is known that the output of Math.random can be predicted if several of its generated values...

7.7CVSS7.6AI score0.01282EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/04 11:4 p.m.8 views

CVE-2024-0761

The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers, to extract...

8.1CVSS6.5AI score0.01029EPSS
Exploits0References1
Rows per page
Query Builder