1305 matches found
PT-2024-29781 · Fiware · Fiware Keyrock
Name of the Vulnerable Software and Affected Versions: FIWARE Keyrock versions = 8.4. Description: The issue is related to insufficiently random values used for generating password reset tokens, allowing attackers to predict the token and disable two-factor authorization for any user. This makes i...
CVE-2024-6890
Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can brute-force the password reset and change the administrator password...
CVE-2024-6890
Journyx (jtime) 11.5.4 on GNU/Linux is affected by an insecure source of randomness used to generate password reset tokens, enabling an unauthenticated attacker who knows a username to brute-force the reset and change the administrator password. Technical details describe token creation flaws and...
PT-2024-37931 · Journyx · Journyx
Name of the Vulnerable Software and Affected Versions: Journyx, affected versions not specified. Description: The issue arises from the generation of password reset tokens using an insecure source of randomness. This allows attackers who are aware of the username of the Journyx installation user to...
The vulnerability of the kernel of microprogramming software in embedded Qualcomm chips allows attackers to disclose protected information.
The vulnerability of the kernel of microprogramming software in embedded Qualcomm chips is related to the use of insufficiently random values. Exploiting this vulnerability can allow attackers to disclose protected information...
edk2: Use of a Weak PseudoRandom Number Generator
A security flaw has been identified in the cryptographic system of EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized remote attacker to potentially expose sensitive information...
Insufficient randomness in github.com/Masterminds/goutils
...
CVE-2024-5868 WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness
The WooCommerce - Social Login plugin for WordPress is vulnerable to Email Verification in all versions up to, and including, 2.6.2 via the use of insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
WordPress Plugin WooCommerce-Social Login Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...
The vulnerability of microprogrammed software in the programmable logic controller SIMATIC S7-200 SMART is related to the use of insufficiently random values, which allows an intruder to cause malfunctions during maintenance.
The vulnerability of microprogrammed software in the SIMATIC S7-200 SMART programmable logic controller is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to predict the IP address sequence numbers and trigger a...
The vulnerability of the MileSight DeviceHub deployment platform, related to the use of insufficiently random values, allows an attacker to execute arbitrary code.
The vulnerability of the MileSight DeviceHub deployment platform lies in the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2024-5149 BuddyForms <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
WordPress BuddyForms plugin <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness vulnerability
Email Verification Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin BuddyForms versions <= 2.8.9...
CVE-2024-36389
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass...
PT-2024-40424 · Stormpath · Stormpath-Sdk-Php
Name of the Vulnerable Software and Affected Versions: stormpath-sdk-php, affected versions not specified. Description: The issue is related to the use of an insecure random number generator (RNG) in the generation of UUID version 4 within the codebase. Recommendations: At the moment, there is no...
CLSA-2024-1716485695 php: Fix of 2 CVEs
CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax - CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...
CLSA-2024-1716485568 php: Fix of 2 CVEs
CVE-2022-4900: sapi/cli/phpcliserver.c: Prevent potential buffer overflow for large value of phpcliserverworkersmax - CVE-2023-3247: ext/soap/phphttp.c: Fix missing randomness check and insufficient random bytes...
DEBIAN-CVE-2024-35875
In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...