1305 matches found
MetaCPAN Net::EasyTCP 安全漏洞
MetaCPAN Net::EasyTCP is a module of the MetaCPAN Foundation. It is used to create secure, bandwidth-friendly TCP/IP clients and servers. A security vulnerability exists in MetaCPAN Net::EasyTCP versions 0.15 through 0.26, which stems from the use of Perl's built-in rand if a strong randomization...
DEBIAN-CVE-2018-25107
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...
CVE-2018-25107
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...
PT-2024-10625 · Unknown · Crypt::Random::Source
Name of the Vulnerable Software and Affected Versions: Crypt::Random::Source versions prior to 0.13 Description: The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in rand function. This function is not a secure source of random bits, potentially...
Perl 安全漏洞
Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A security vulnerability exists in Perl versions prior to 0.13, which stems from the Crypt::Random::Source package falling back to the built-in rand function, which is not a safe source of...
CVE-2024-12432
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...
WordPress plugin WPC Shop as a Customer for WooCommerce 安全特征问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security feature...
CLSA-2024-1734368297 gnutls: Fix of 3 CVEs
Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimaze timining or cache side...
BIT-NODE-MIN-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1 It does not check the return value, it assumes EntropySource always succeeds, but it can a...
php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...
DEBIAN-CVE-2024-55566
ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...
The vulnerability of the SSL VPN remote access function in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows a attacker to cause a service failure.
The vulnerability of the SSL VPN remote access function in Cisco Adaptive Security Appliance ASA and Cisco Firepower Threat Defense FTD systems is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
DEBIAN-CVE-2024-53125
In the Linux kernel, the following vulnerability has been resolved: bpf: synclinkedregs must preserve subregdef Range propagation must not affect subregdef marks, otherwise the following example is rewritten by verifier incorrectly when BPFFTESTRNDHI32 flag is set: 0: call bpfktimegetns call...
AZL-53579 CVE-2024-52616 affecting package avahi for versions less than 0.8-5
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...
Bias of Polynomial Coefficients in Secret Sharing
Affected versions of this crate allowed for a bias when generating random polynomials for Shamir Secret Sharing, where instead of being within the range 0, 255 they were instead in the range 1, 255. A description from Cure53, who originally found the issue, is available: The correct method to...
F5 Nginx 授权问题漏洞
F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. An authorization issue vulnerability exists in F5 Nginx that stems from not checking random numbers at login...
UUID Attack
github.com/sylabs/sif is vulnerable to UUID attack. The vulnerability is due to insecure randomness in the github.com/satori/go.uuid module, allowing an attacker to predict UUIDs, potentially enabling them to impersonate or manipulate containers...
Amazon Linux 2 : c-ares (ALAS-2024-2646)
The version of c-ares installed on the remote host is prior to 1.19.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2646 advisory. Insufficient randomness in generation of DNS query IDs When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to...
CVE-2024-7315
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups...
CVE-2024-7315 Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure
The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups...