38 matches found
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS : tgt vulnerability (USN-8325-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8325-1 advisory. It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could...
EUVD-2010-4534
Malware in sbrugna...
EUVD-2012-6544
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in...
CVE-2024-47945 Predictable Session ID
The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions...
PT-2024-32907 · Rittal GmbH & Co. KG +1 · IoT Interface & CMC III Processing Unit +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. The session IDs are predictable, wit...
Updated tgt packages fix security vulnerability
tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. CVE-2024-45751...
DEBIAN-CVE-2024-45751
tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical...
SUSE CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...
SUSE CVE-2019-11690
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...
EulerOS 2.0 SP2 : xulrunner (EulerOS-SA-2020-1619)
According to the versions of the xulrunner package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to...
DEBIAN-CVE-2019-10064
hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...
CVE-2019-10064
hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...
CVE-2019-11690
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...
UBUNTU-CVE-2019-11690
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...
CVE-2019-11690
CVE-2019-11690 affects Das U-Boot: gen_rand_uuid in lib/uuid.c in v2014.04–v2019.04. The root cause is a missing srand call when CONFIG_RANDOM_UUID is enabled, which can let an attacker determine UUID values used for GPT boot-device UUIDs. The vulnerability is documented with CVSS2/3 base metrics...
F5 Networks BIG-IP : Expat XML parser vulnerability (K65460334)
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. CVE-2012-6702 Impact An attacker may be able to defeat...