1305 matches found
CVE-2023-4344
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection...
CVE-2023-4344 Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection...
CVE-2023-4344 Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection...
Broadcom RAID Controller Security Feature Issue Vulnerability
The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation USA. A security vulnerability exists in the Broadcom RAID Controller that stems from incorrect use of ssl.rnd to set up a CIM connection, which makes the web interface susceptible to insufficient randomization...
Intel Quartus Prime Pro Security Feature Issue Vulnerability
Intel Quartus Prime Pro is a set of multi-platform design environments from the U.S. company Intel Intel. The product is primarily used for programming programmable logic devices. A security vulnerability exists in Intel Quartus Prime Pro Edition prior to version 22.4, which stems from the presen...
PT-2023-28823 · Broadcom · Broadcom Raid Controller
Name of the Vulnerable Software and Affected Versions: Broadcom RAID Controller affected versions not specified Description: The Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to the improper use of ssl.rnd to set up a CIM connection. Recommendations: At the...
CVE-2023-26451
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...
CVE-2023-26451
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...
Authorization
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...
CVE-2023-26451
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts...
CVE-2023-26451
CVE-2023-26451 concerns Open-Xchange AppSuite’s integrated oAuth Authorization Service, which used a weak randomness source to generate authorization tokens. This made authorization codes predictable to third parties, enabling interception of the client authorization process and potential account...
PT-2023-20644 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue is related to the integrated oAuth Authorization Service, where functions with insufficient randomness were used to generate authorization tokens. This made authorization codes...
Open-Xchange AppSuite Security Feature Issue Vulnerability
Open-Xchange AppSuite is a set of Web cloud desktop environments from Open-Xchange Germany. The environment allows users to more intuitively manage email, tasks, files, and more. A security signature issue vulnerability exists in Open-Xchange AppSuite that stems from the integrated oAuth...
DEBIAN-CVE-2023-3247
In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...
Insecure Randomness
Overview Affected versions of this package are vulnerable to Insecure Randomness. If a TLS 1.3 client gets neither a PSK pre shared key extension nor a KSE key share extension when connecting to a malicious server, a default predictable buffer gets used for the IKM Input Keying Material value whe...
CVE-2023-3803
A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. Th...
PT-2023-26256 · Unknown · Chengdu Flash Flood Disaster Monitoring/Warning System
Name of the Vulnerable Software and Affected Versions: Chengdu Flash Flood Disaster Monitoring and Warning System version 2.0 Description: A problematic vulnerability has been found in the Chengdu Flash Flood Disaster Monitoring and Warning System. This issue affects an unknown part of the file...
RHEL 9 : nodejs (RHSA-2023:4036)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4036 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RHEL 8 : nodejs:18 (RHSA-2023:4035)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4035 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
RHEL 8 : nodejs:16 (RHSA-2023:4034)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4034 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...