1305 matches found

OSV
added 2024/05/19 9:15 a.m., 4 views

UBUNTU-CVE-2024-35875

In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted a...

5.5 CVSS, 6.6 AI score, 0.00235 EPSS
Exploits 0, References 11

Vulnrichment
added 2024/04/30 6:39 p.m., 27 views

CVE-2024-3411 Insufficient Randomness When Validating an IPMI Authenticated Session

Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device...

9.3 AI score, 0.00718 EPSS
Exploits 0, References 3

Cvelist
added 2024/04/30 6:39 p.m., 29 views

CVE-2024-3411 Insufficient Randomness When Validating an IPMI Authenticated Session

Implementations of IPMI Authenticated sessions do not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device...

9.4 AI score, 0.00718 EPSS
Exploits 0, References 3

Patchstack
added 2024/04/30 8:46 a.m., 5 views

WordPress Customer Email Verification for WooCommerce plugin <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness vulnerability

Email Verification and Authentication Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin Email Verification for WooCommerce versions <= 2.7.4...

8.1 CVSS, 7 AI score, 0.0085 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2024/04/09 6:58 p.m., 18 views

CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness

The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...

5.9 CVSS, 6.8 AI score, 0.00704 EPSS
Exploits 0, References 3

Cvelist
added 2024/04/09 6:58 p.m., 27 views

CVE-2023-6799 WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness

The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract sensitive data...

5.9 CVSS, 5.8 AI score, 0.00704 EPSS
Exploits 0, References 3

CNNVD
added 2024/04/05 12:0 a.m., 7 views

Chilkat security vulnerability

Chilkat is a cross-language, cross-platform API from Chilkat, Inc. A security vulnerability exists in Chilkat versions prior to v9.5.0.98. An attacker exploited the vulnerability to obtain sensitive information via a predictable PRNG in the ChilkatRand::randomBytes function...

6.2 CVSS, 6.1 AI score, 0.00265 EPSS
Exploits 0, References 2

BDU FSTEC
added 2024/03/28 12:0 a.m., 4 views

The vulnerability of the `ticket_age_add` function in the Go programming language allows a violator to gain unauthorized access to session identifiers.

The vulnerability of the `ticket_age_add` function in the Go programming language is related to the use of insufficiently random values. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to session identifiers...

3.1 CVSS, 6.9 AI score, 0.0088 EPSS
Exploits 1, References 13, Affected Software 26

WPVulnDB
added 2024/03/27 12:0 a.m., 19 views

WP Reset < 2.0 - Sensitive Information Exposure due to Insufficient Randomness

Description: The plugin is vulnerable to Sensitive Information Exposure via the use of insufficiently random snapshot names, allowing unauthenticated attackers to extract sensitive data including site backups by brute-forcing the snapshot filenames...

5.9 CVSS, 6.6 AI score, 0.00704 EPSS
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2024/03/27 12:0 a.m., 9 views

PT-2024-22210

Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...

5.3 CVSS, 8.4 AI score, 0.00436 EPSS
Exploits 0, References 6

HackRead
added 2024/03/12 12:59 p.m., 16 views

Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All

By Uzair Amir Blockchains lack true randomness, hindering applications like fair games, DeFi, and NFTs. Pyth Networks "Pyth Entropy" solves this… This is a post from HackRead.com Read the original post: Enhancing Blockchain Randomness To Eliminate Trust Issues Once For All...

7.3 AI score
Exploits 0

OSV
added 2024/03/11 7:13 p.m., 4 views

CLSA-2024-1710184399 gnutls: Fix of 3 CVEs

Keep the broken pkcs11 tests disabled. - Added CVE-2024-0567 PoC test. - CVE-2023-5981-pre1: improve level of randomness for each operations, always use gnutlsswitchlibstate for pk wrappers. - CVE-2023-5981-pre2: add constant time/cache operations to prevent or minimize timing or cache side...

7.5 CVSS, 6.8 AI score, 0.01614 EPSS
Exploits 2, References 1

OSV
added 2024/03/06 11:3 a.m., 27 views

BIT-NODE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource always succeeds, but it can a...

9.1 CVSS, 7.8 AI score, 0.0187 EPSS
Exploits 1, References 5

NVD
added 2024/03/05 12:15 p.m., 49 views

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read can run into a situation...

5.5 CVSS, 7.4 AI score, 0.00378 EPSS
Exploits 1, References 6

UbuntuCve
added 2024/03/05 12:15 p.m., 27 views

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read can run into a situation...

5.5 CVSS, 6.4 AI score, 0.00378 EPSS
Exploits 1, References 8

OSV
added 2024/03/05 12:15 p.m., 0 views

UBUNTU-CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read can run into a situation...

5.5 CVSS, 6.3 AI score, 0.00378 EPSS
Exploits 1, References 9

OSV
added 2024/03/05 11:18 a.m., 7 views

CVE-2022-48629 crypto: qcom-rng - ensure buffer for generate is completely filled

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read can run into a situation...

5.5 CVSS, 6 AI score, 0.00378 EPSS
Exploits 1, References 9

Debian CVE
added 2024/03/05 11:18 a.m., 23 views

CVE-2022-48629

In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rng_alg expects that the destination buffer is completely filled if the function returns 0. qcom_rng_read can run into a situation...

5.5 CVSS, 5.3 AI score, 0.00378 EPSS
Exploits 1

Positive Technologies
added 2024/03/05 12:0 a.m., 4 views

PT-2024-20913 · Rt-Thread · Rt-Thread

Name of the Vulnerable Software and Affected Versions: RT-Thread versions through 5.0.2 Description: The issue is related to a weak random number generation algorithm used in RT-Thread. The algorithm, defined as `seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;`, is implemented in the calc...

7.5 CVSS, 6.9 AI score, 0.00816 EPSS
Exploits 0, References 9

Tenable Nessus
added 2024/02/29 12:0 a.m., 22 views

CentOS 9 : c-ares-1.19.1-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the c-ares-1.19.1-1.el9 build changelog. - AutoTools does not set CARES_RANDOM_FILE during cross compilation rhel-9 CVE-2023-31124 - Buffer Underwrite in ares_inet_net_pton rhel-9...

7.5 CVSS, 6.3 AI score, 0.01577 EPSS
Exploits 0, References 5