1305 matches found

CNNVD
added 2025/01/02 12:0 a.m. · 6 views

MetaCPAN Net::EasyTCP security vulnerability

MetaCPAN Net::EasyTCP is a module of the MetaCPAN Foundation. It is used to create secure, bandwidth-friendly TCP/IP clients and servers. A security vulnerability exists in MetaCPAN Net::EasyTCP versions 0.15 through 0.26, which stems from the use of Perl's built-in rand if a strong randomization...

CVSS 5.4 · AI score 5.4 · EPSS 0.00367
Exploits 0 · References 3
OSV
added 2024/12/29 7:15 a.m. · 2 views

DEBIAN-CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

CVSS 7.5 · AI score 5.3 · EPSS 0.00407
Exploits 0 · References 1
NVD
added 2024/12/29 7:15 a.m. · 42 views

CVE-2018-25107

The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand function, which is not a secure source of random bits...

CVSS 7.5 · EPSS 0.00407
Exploits 0 · References 2
Positive Technologies
added 2024/12/29 12:0 a.m. · 5 views

PT-2024-10625 · Unknown · Crypt::Random::Source

Name of the Vulnerable Software and Affected Versions: Crypt::Random::Source versions prior to 0.13.
Description: The issue concerns the Crypt::Random::Source package for Perl, which has a fallback to the built-in rand function. This function is not a secure source of random bits, potentially...

CVSS 7.5 · AI score 6.8 · EPSS 0.00407
Exploits 0 · References 10
CNNVD
added 2024/12/29 12:0 a.m. · 3 views

Perl security vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the PERL community. A security vulnerability exists in Perl versions prior to 0.13, which stems from the Crypt::Random::Source package falling back to the built-in rand function, which is not a safe source of...

CVSS 7.5 · AI score 6.4 · EPSS 0.00407
Exploits 0 · References 2
NVD
added 2024/12/18 4:15 a.m. · 10 views

CVE-2024-12432

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...

CVSS 8.1 · EPSS 0.00535
Exploits 0 · References 2
CNNVD
added 2024/12/18 12:0 a.m. · 3 views

WordPress plugin WPC Shop as a Customer for WooCommerce security feature issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security feature...

CVSS 8.1 · AI score 8.3 · EPSS 0.00535
Exploits 0 · References 2
OSV
added 2024/12/16 4:58 p.m. · 3 views

CLSA-2024-1734368297 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimize timing or cache side...

CVSS 7.5 · AI score 6.8 · EPSS 0.01614
Exploits 2 · References 1
OSV
added 2024/12/16 2:1 p.m. · 15 views

BIT-NODE-MIN-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource always succeeds, but it can a...

CVSS 9.1 · AI score 8.7 · EPSS 0.0187
Exploits 1 · References 5
RedHat Linux
added 2024/12/11 4:20 p.m. · 4 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP, allowing a remote authenticated attacker to cause a stack information leak...

CVSS 4.3 · AI score 5.8 · EPSS 0.00709
Exploits 0 · References 5
OSV
added 2024/12/09 2:15 a.m. · 2 views

DEBIAN-CVE-2024-55566

ColPack 1.0.10 through 9a7293a has a predictable temporary file located under /tmp with a name derived from an unseeded RNG. The impact can be overwriting files or making ColPack graphing unavailable to other users...

CVSS 6.6 · AI score 5.3 · EPSS 0.00213
Exploits 0 · References 1
BDU FSTEC
added 2024/12/06 12:0 a.m. · 5 views

The vulnerability of the SSL VPN remote access function in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows an attacker to cause a service failure.

The vulnerability of the SSL VPN remote access function in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) systems is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

CVSS 6.8 · AI score 5.5 · EPSS 0.00644
Exploits 0 · References 2 · Affected Software 2
OSV
added 2024/12/04 2:15 p.m. · 1 views

DEBIAN-CVE-2024-53125

In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs must preserve subreg_def. Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call...

CVSS 5.5 · AI score 5.5 · EPSS 0.00207
Exploits 0 · References 1
OSV
added 2024/11/21 9:15 p.m. · 7 views

AZL-53579 CVE-2024-52616 affecting package avahi for versions less than 0.8-5

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs...

CVSS 5.3 · AI score 6.7 · EPSS 0.00681
Exploits 0 · References 1
RustSec
added 2024/11/16 12:0 p.m. · 6 views

Bias of Polynomial Coefficients in Secret Sharing

Affected versions of this crate allowed for a bias when generating random polynomials for Shamir Secret Sharing, where instead of being within the range [0, 255] they were instead in the range [1, 255]. A description from Cure53, who originally found the issue, is available: The correct method to...

AI score 7
Exploits 0
CNNVD
added 2024/11/06 12:0 a.m. · 3 views

F5 Nginx authorization issue vulnerability

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. An authorization issue vulnerability exists in F5 Nginx that stems from not checking random numbers at login...

CVSS 5.4 · AI score 5.6 · EPSS 0.00339
Exploits 0 · References 3
Veracode
added 2024/10/16 11:54 a.m. · 5 views

UUID Attack

github.com/sylabs/sif is vulnerable to UUID attack. The vulnerability is due to insecure randomness in the github.com/satori/go.uuid module, allowing an attacker to predict UUIDs, potentially enabling them to impersonate or manipulate containers...

CVSS 7.5 · AI score 6.6 · EPSS 0.00958
Exploits 1 · References 5 · Affected Software 1
Tenable Nessus
added 2024/10/03 12:0 a.m. · 18 views

Amazon Linux 2 : c-ares (ALAS-2024-2646)

The version of c-ares installed on the remote host is prior to 1.19.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2646 advisory. Insufficient randomness in generation of DNS query IDs. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to...

CVSS 6.5 · AI score 6.9 · EPSS 0.00905
Exploits 0 · References 4
OSV
added 2024/10/02 6:15 a.m. · 4 views

CVE-2024-7315

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups...

CVSS 7.5 · AI score 5.8 · EPSS 0.00574
Exploits 1 · References 1
Vulnrichment
added 2024/10/02 6:0 a.m. · 13 views

CVE-2024-7315 Migration, Backup, Staging – WPvivid < 0.9.106 - Unauthenticated Sensitive Data Exposure

The Migration, Backup, Staging WordPress plugin before 0.9.106 does not use sufficient randomness in the filename that is created when generating a backup, which could be bruteforced by attackers to leak sensitive information about said backups...

AI score 6.4 · EPSS 0.00574
Exploits 1 · References 1