Lucene search
K

1305 matches found

CVE
CVE
added 2024/10/02 6:0 a.m.70 views

CVE-2024-7315

The CVE-2024-7315 entry concerns the Migration, Backup, Staging WPvivid WordPress plugin (versions prior to 0.9.106). The root cause is insufficient randomness in the backup filename, which could be brute-forced to leak sensitive backup information. Impact: unauthenticated disclosure of sensitive...

7.5CVSS7.4AI score0.00574EPSS
Exploits1References1Affected Software1
Amazon
Amazon
added 2024/10/02 12:0 a.m.19 views

Medium: c-ares

Issue Overview: Insufficient randomness in generation of DNS query IDs When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from th...

6.5CVSS7.2AI score0.00905EPSS
Exploits0
Amazon
Amazon
added 2024/10/02 12:0 a.m.5 views

Medium: c-ares

Issue Overview: Insufficient randomness in generation of DNS query IDs When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from th...

6.5CVSS6.9AI score0.00905EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/10/02 12:0 a.m.4 views

PT-2024-38418 · Canonical +1 · Juju +1

Name of the Vulnerable Software and Affected Versions: juju versions prior to 2.9.51 juju versions prior to 3.1.10 juju versions prior to 3.3.7 juju versions prior to 3.4.6 juju versions prior to 3.5.4 Description: The JUJU CONTEXT ID is a predictable authentication secret. On a Juju machine or...

9.9CVSS6.3AI score0.97781EPSS
Exploits21References142
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-38261 · WordPress · Migration

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging WordPress plugin versions prior to 0.9.106 Description: The issue concerns the insufficient randomness in filenames created during backup generation, which could be bruteforced by attackers to leak sensitive...

7.5CVSS6.3AI score0.00574EPSS
Exploits1References8
OSV
OSV
added 2024/09/26 6:15 p.m.4 views

CVE-2024-47126

The goTenna Pro App does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast of an...

8.8CVSS5.8AI score0.00235EPSS
Exploits0References1
OSV
OSV
added 2024/09/26 6:15 p.m.5 views

CVE-2024-45723

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...

6.5CVSS5.8AI score0.00141EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/26 12:0 a.m.5 views

PT-2024-31741 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The issue is related to the generation of passwords for sharing cryptographic keys, where the goTenna Pro ATAK Plugin does not utilize SecureRandom. Instead, it uses a rando...

7.1CVSS6.7AI score0.00141EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/09/25 12:0 a.m.2 views

Apache Linkis 加密问题漏洞

Apache Linkis is a middleware product from the Apache Foundation that establishes an efficient connection between upper-tier applications and the underlying data engine. An encryption issue vulnerability exists in Apache Linkis version 1.5.0 and prior versions, which stems from the use of Commons...

7.5CVSS6.6AI score0.0054EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/09/23 12:0 a.m.6 views

The vulnerability of the NTP synchronization protocol lies in the use of insufficiently random values, which allows a perpetrator to cause a service failure.

The vulnerability of the NTP synchronization protocol lies in the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to cause a service failure...

5.9CVSS6.2AI score0.04071EPSS
Exploits0References12Affected Software4
BDU FSTEC
BDU FSTEC
added 2024/09/13 12:0 a.m.6 views

The vulnerability of the gnutls_rnd() function in the Samba networking software package, related to the use of insufficiently random values, allows a attacker to access confidential data.

The vulnerability of the gnutlsrnd function in the Samba networking software package is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker to gain access to confidential data...

5.5CVSS6.2AI score0.00408EPSS
Exploits1References10Affected Software5
OSV
OSV
added 2024/09/05 7:15 p.m.4 views

ALPINE-CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS6.9AI score0.00236EPSS
Exploits0References1
OSV
OSV
added 2024/09/05 7:15 p.m.5 views

UBUNTU-CVE-2024-45157

An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...

5.1CVSS5.8AI score0.00236EPSS
Exploits0References5
OSV
OSV
added 2024/09/04 7:15 p.m.3 views

UBUNTU-CVE-2024-44959

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. ilru or isblist to not...

5.5CVSS6.1AI score0.00212EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2024/09/04 12:32 a.m.4 views

kernel: x86/coco: Require seeding RNG with RDRAND on CoCo systems

CVE-2024-35875 addresses a security concern in the Linux kernel's handling of confidential computing CoCo environments. In these setups, the virtual machine VM host is untrusted and may attempt to compromise guest VMs. A critical component for maintaining security in such environments is a reliab...

5.5CVSS7AI score0.00235EPSS
Exploits0References5
CVE
CVE
added 2024/08/27 6:44 p.m.69 views

CVE-2024-1544

CVE-2024-1544 describes a bias in the ECDSA nonce generation when k is obtained as r mod n, where a control-flow dependent reduction leaks MSB bias in k. The issue can enable lattice-reduction based reconstruction of k for certain curves (e.g., SECP160R1 with about 15 bits of bias). The connected...

4.9CVSS6.9AI score0.00349EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/08/27 6:44 p.m.8 views

CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

4.9CVSS5.3AI score0.00349EPSS
Exploits0
CNNVD
CNNVD
added 2024/08/27 12:0 a.m.6 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in wolfSSL prior to version 5.7.2, which stems from the use of insufficiently randomized random numbers when generating...

4.9CVSS6.7AI score0.00349EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/12 12:0 a.m.7 views

PT-2024-29780 · Fiware · Fiware Keyrock

Name of the Vulnerable Software and Affected Versions: FIWARE Keyrock versions = 8.4 Description: The issue is related to insufficiently random values for generating password reset tokens, allowing attackers to take over the account of any user by predicting the token for the password reset link...

8.3CVSS7.2AI score0.00328EPSS
Exploits1References10
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.8 views

FIWARE Keyrock 安全漏洞

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

6.3CVSS6.8AI score0.00359EPSS
Exploits1References2
Rows per page
Query Builder