
1305 matches found

Positive Technologies
added 2024/08/12 12:0 a.m. · 3 views

PT-2024-29781 · Fiware · Fiware Keyrock

Name of the Vulnerable Software and Affected Versions: FIWARE Keyrock versions = 8.4
Description: The issue is related to insufficiently random values used for generating password reset tokens, allowing attackers to predict the token and disable two-factor authorization for any user. This makes i...

CVSS 4.3 · AI score 7.2 · EPSS 0.00356
Exploits: 1 · References: 6

OSV
added 2024/08/07 11:15 p.m. · 2 views

CVE-2024-6890

Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can brute-force the password reset and change the administrator password...

CVSS 8.8 · AI score 5.8 · EPSS 0.00717
Exploits: 3 · References: 2

CVE
added 2024/08/07 11:9 p.m. · 58 views

CVE-2024-6890

Journyx (jtime) 11.5.4 on GNU/Linux is affected by an insecure source of randomness used to generate password reset tokens, enabling an unauthenticated attacker who knows a username to brute-force the reset and change the administrator password. Technical details describe token creation flaws and...

CVSS 9.8 · AI score 6.8 · EPSS 0.00717
Exploits: 3 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/08/07 12:0 a.m. · 5 views

PT-2024-37931 · Journyx · Journyx

Name of the Vulnerable Software and Affected Versions: Journyx affected versions not specified
Description: The issue arises from the generation of password reset tokens using an insecure source of randomness. This allows attackers who are aware of the username of the Journyx installation user to...

CVSS 9.8 · AI score 7 · EPSS 0.00717
Exploits: 3 · References: 5

BDU FSTEC
added 2024/07/31 12:0 a.m. · 5 views

A vulnerability in the firmware kernel of embedded Qualcomm chips allows attackers to disclose protected information.

The vulnerability in the firmware kernel of embedded Qualcomm chips is related to the use of insufficiently random values. Exploiting this vulnerability can allow attackers to disclose protected information...

CVSS 7.1 · AI score 5.4 · EPSS 0.00101
Exploits: 0 · References: 5

RedHat Linux
added 2024/07/09 10:2 a.m. · 5 views

edk2: Use of a Weak PseudoRandom Number Generator

A security flaw has been identified in the cryptographic system of EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized remote attacker to potentially expose sensitive information...

CVSS 7.5 · AI score 7.3 · EPSS 0.00986
Exploits: 0 · References: 6

Microsoft CVE
added 2024/06/30 2:0 p.m. · 3 views

Insufficient randomness in github.com/Masterminds/goutils

...

CVSS 9.1 · AI score 7.3 · EPSS 0.01319
Exploits: 1

Vulnrichment
added 2024/06/15 3:35 a.m. · 20 views

CVE-2024-5868 WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · AI score 6.9 · EPSS 0.00313
Exploits: 0 · References: 2

Cvelist
added 2024/06/15 3:35 a.m. · 20 views

CVE-2024-5868 WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness

The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · EPSS 0.00313
Exploits: 0 · References: 2

CNNVD
added 2024/06/15 12:0 a.m. · 3 views

WordPress Plugin WooCommerce-Social Login Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

CVSS 6.5 · AI score 6.9 · EPSS 0.00313
Exploits: 0 · References: 3

BDU FSTEC
added 2024/06/14 12:0 a.m. · 6 views

A vulnerability in the firmware of the SIMATIC S7-200 SMART programmable logic controller, related to the use of insufficiently random values, allows an intruder to cause malfunctions during maintenance.

The vulnerability in the firmware of the SIMATIC S7-200 SMART programmable logic controller is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to predict the IP address sequence numbers and trigger a...

CVSS 8.5 · AI score 7.2 · EPSS 0.00387
Exploits: 0 · References: 2

BDU FSTEC
added 2024/06/07 12:0 a.m. · 5 views

A vulnerability in the MileSight DeviceHub deployment platform, related to the use of insufficiently random values, allows an attacker to execute arbitrary code.

The vulnerability in the MileSight DeviceHub deployment platform lies in the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 10 · AI score 5.9 · EPSS 0.00519
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/06/05 4:32 a.m. · 35 views

CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · AI score 5.5 · EPSS 0.00388
Exploits: 0 · References: 3

Vulnrichment
added 2024/06/05 4:32 a.m. · 17 views

CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...

CVSS 6.5 · AI score 7.1 · EPSS 0.00388
Exploits: 0 · References: 2

Patchstack
added 2024/06/05 2:57 a.m. · 7 views

WordPress BuddyForms plugin <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness vulnerability

Email Verification Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin BuddyForms versions <= 2.8.9...

CVSS 6.5 · AI score 7 · EPSS 0.00388
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/06/02 2:15 p.m. · 3 views

CVE-2024-36389

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...

CVSS 9.8 · AI score 5.8 · EPSS 0.00519
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/29 12:0 a.m. · 4 views

PT-2024-40424 · Stormpath · Stormpath-Sdk-Php

Name of the Vulnerable Software and Affected Versions: stormpath-sdk-php affected versions not specified
Description: The issue is related to the use of an insecure random number generator (RNG) in the generation of UUID version 4 within the codebase.
Recommendations: At the moment, there is no...

CVSS 5.3 · AI score 6.8
Exploits: 0 · References: 6

OSV
added 2024/05/23 5:34 p.m. · 3 views

CLSA-2024-1716485695 php: Fix of 2 CVEs

- CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax
- CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...

CVSS 6.2 · AI score 6.6 · EPSS 0.00709
Exploits: 0 · References: 1

OSV
added 2024/05/23 5:32 p.m. · 6 views

CLSA-2024-1716485568 php: Fix of 2 CVEs

- CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax
- CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...

CVSS 6.2 · AI score 6.6 · EPSS 0.00709
Exploits: 0 · References: 1

OSV
added 2024/05/19 9:15 a.m. · 1 views

DEBIAN-CVE-2024-35875

In the Linux kernel, the following vulnerability has been resolved:

x86/coco: Require seeding RNG with RDRAND on CoCo systems

There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...

CVSS 5.5 · AI score 5.8 · EPSS 0.00235
Exploits: 0 · References: 1