Total
254 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17105 | 1 Centreon | 1 Centreon Web | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The token generator in index.php in Centreon Web before 2.8.27 is predictable. | |||||
CVE-2018-19441 | 1 Neatorobotics | 2 Botvac Connected, Botvac Connected Firmware | 2023-12-10 | 1.9 LOW | 4.7 MEDIUM |
An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot. | |||||
CVE-2010-3666 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | |||||
CVE-2019-18282 | 3 Debian, Linux, Netapp | 19 Debian Linux, Linux Kernel, 8300 and 16 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code. | |||||
CVE-2020-2099 | 1 Jenkins | 1 Jenkins | 2023-12-10 | 7.5 HIGH | 8.6 HIGH |
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | |||||
CVE-2020-9449 | 1 Justblab | 4 Blab\! Ax, Blab\! Ax Pro, Blab\! Ws and 1 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. | |||||
CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | |||||
CVE-2019-10084 | 1 Apache | 1 Impala | 2023-12-10 | 4.6 MEDIUM | 7.5 HIGH |
In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique and random, but have not been documented or consistently treated as sensitive secrets. Therefore they may be exposed in logs or interfaces. They were also not generated with a cryptographically secure random number generator, so are vulnerable to random number generator attacks that predict future IDs based on past IDs. Impala deployments with Apache Sentry or Apache Ranger authorization enabled may be vulnerable to privilege escalation if an authenticated attacker is able to hijack a session or query from another authenticated user with privileges not assigned to the attacker. Impala deployments with audit logging enabled may be vulnerable to incorrect audit logging as a user could undertake actions that were logged under the name of a different authenticated user. Constructing an attack requires a high degree of technical sophistication and access to the Impala system as an authenticated user. | |||||
CVE-2019-2294 | 1 Qualcomm | 94 Mdm9205, Mdm9205 Firmware, Mdm9206 and 91 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
CVE-2019-5232 | 1 Huawei | 6 Vp9630, Vp9630 Firmware, Vp9650 and 3 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. | |||||
CVE-2013-4102 | 1 Cryptocat Project | 1 Cryptocat | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness | |||||
CVE-2020-8631 | 3 Canonical, Debian, Opensuse | 3 Cloud-init, Debian Linux, Leap | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | |||||
CVE-2012-1562 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Joomla! core before 2.5.3 allows unauthorized password change. | |||||
CVE-2019-4411 | 1 Ibm | 1 Cognos Controller | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. | |||||
CVE-2016-4980 | 3 Ethz, Fedoraproject, Redhat | 3 Xquest, Fedora, Enterprise Linux | 2023-12-10 | 1.9 LOW | 2.5 LOW |
A password generation weakness exists in xquest through 2016-06-13. | |||||
CVE-2019-2317 | 1 Qualcomm | 40 Msm8905, Msm8905 Firmware, Msm8909 and 37 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | |||||
CVE-2019-12434 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure. | |||||
CVE-2019-1543 | 1 Openssl | 1 Openssl | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j). | |||||
CVE-2019-11641 | 1 Anomali | 1 Agave | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system. | |||||
CVE-2019-11690 | 1 Denx | 1 U-boot | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. |