Lucene search
K

16 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-7830 UltraVNC MS-Logon II uses 64-bit Diffie-Hellman and seeded libc rand() enabling credential interception

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS0.00183EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-40882

UltraVNC through 1.8.2.2 uses inadequate cryptography in the MS-Logon II authentication scheme rfbUltraVNCMsLogonIIAuth. In rfb/dh.cpp the Diffie-Hellman key exchange is performed with parameters that fit in an unsigned 64-bit integer DHMAXBITS controls the prime size. A 64-bit DH key can be brok...

7.4CVSS5.8AI score0.00183EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/09/26 5:37 p.m.19 views

CVE-2024-45723 goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator

The goTenna Pro ATAK Plugin does not use SecureRandom when generating passwords for sharing cryptographic keys. The random function in use makes it easier for attackers to brute force this password if the broadcasted encryption key is captured over RF. This only applies to the optional broadcast ...

7.1CVSS6.5AI score0.00143EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/05/25 10:15 p.m.139 views

CVE-2023-31147

c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom are unavailable, c-ares uses rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand so will generate predictable output. Input from the random number generator i...

6.5CVSS6.7AI score0.00905EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/02/21 7:33 p.m.55 views

K15935: NTP vulnerability CVE-2014-9294

Security Advisory Description util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. CVE-2014-9294 Impact Theoretically, a remote attacker can determine a weak...

7.5CVSS7.6AI score0.12978EPSS
Exploits1Affected Software18
Prion
Prion
added 2019/11/05 11:15 p.m.12 views

Design/Logic Flaw

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration...

5CVSS5.4AI score0.0092EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 1:45 a.m.42 views

Security Bulletin: Multiple vulnerabilities in ntp affect IBM Flex System Manager (FSM) (CVE-2014-9293, CVE-2014-9294, CVE-2014-9297, CVE-2014-9298)

Summary There are multiple vulnerabilities in ntp that is used by IBM Flex System Manager. Vulnerability Details Summary There are multiple vulnerabilities in ntp that is used by IBM Flex System Manager. Vulnerability Details: CVE-ID: CVE-2014-9293 Description: Network Time Protocol NTP Project N...

7.5CVSS0.6AI score0.12978EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/08/24 12:0 a.m.27 views

Debian DLA-600-1 : libgcrypt11 security update

The crypto library libgcrypt11 has a weakness in the random number generator. CVE-2016-6313 Felix Drre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator. An attacker who obtains 4640 bits from the RNG can...

5.3CVSS6.4AI score0.03597EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2016/07/19 12:0 a.m.29 views

F5 Networks BIG-IP : NTP vulnerability (SOL15935)

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

7.5CVSS7.2AI score0.12978EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2016/01/26 9:59 a.m.10 views

Government Agencies Audit For Juniper Backdoor

Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls. Letters went out late last week from the House Oversight & Government Reform Committee to the leaders of the various agencies asking them to provide th...

7.5AI score
Exploits0References4
OSV
OSV
added 2014/12/20 2:59 a.m.6 views

CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.3AI score
Exploits0References22
NVD
NVD
added 2014/12/20 2:59 a.m.23 views

CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5CVSS3.9AI score0.12978EPSS
Exploits1References21
Prion
Prion
added 2014/12/20 2:59 a.m.29 views

Design/Logic Flaw

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5CVSS6.9AI score0.12978EPSS
Exploits1References21Affected Software1
Debian CVE
Debian CVE
added 2014/12/20 2:0 a.m.24 views

CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5CVSS6.2AI score0.12978EPSS
Exploits1
Cvelist
Cvelist
added 2014/12/20 2:0 a.m.30 views

CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

5.5AI score0.12978EPSS
Exploits1References21
UbuntuCve
UbuntuCve
added 2014/12/19 12:0 a.m.30 views

CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5CVSS7.2AI score0.12978EPSS
Exploits1References5
Rows per page
Query Builder