Total
346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6376 | 1 Henschen | 1 Court Document Management | 2024-11-21 | 5.3 Medium |
| Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. | ||||
| CVE-2023-4462 | 1 Poly | 8 Ccx 400, Ccx 400 Firmware, Ccx 600 and 5 more | 2024-11-21 | 3.7 Low |
| A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255. | ||||
| CVE-2023-4344 | 1 Broadcom | 1 Raid Controller Web Interface | 2024-11-21 | 9.8 Critical |
| Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection | ||||
| CVE-2023-41879 | 1 Openmage | 1 Magento | 2024-11-21 | 7.5 High |
| Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1. | ||||
| CVE-2023-3803 | 1 Cdwanjiang | 1 Flash Flood Disaster Monitoring And Warning System | 2024-11-21 | 2.6 Low |
| A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3247 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2024-11-21 | 2.6 Low |
| In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. | ||||
| CVE-2023-39979 | 1 Moxa | 1 Mxsecurity | 2024-11-21 | 9.8 Critical |
| There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. | ||||
| CVE-2023-2418 | 1 Konghq | 1 Kong | 2024-11-21 | 3.1 Low |
| A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. | ||||
| CVE-2023-26451 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-11-21 | 7.5 High |
| Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. | ||||
| CVE-2023-24478 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 5.5 Medium |
| Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-20185 | 1 Cisco | 2 Nexus 9000 In Aci Mode, Nx-os | 2024-11-21 | 7.4 High |
| A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites. Cisco has not released and will not release software updates that address this vulnerability. | ||||
| CVE-2023-20016 | 1 Cisco | 39 Firepower 4100, Firepower 4110, Firepower 4112 and 36 more | 2024-11-21 | 6.3 Medium |
| A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials. | ||||
| CVE-2022-40299 | 1 Singular | 1 Singular | 2024-11-21 | 7.8 High |
| In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language. | ||||
| CVE-2022-37400 | 1 Apache | 1 Openoffice | 2024-11-21 | 8.8 High |
| Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice | ||||
| CVE-2022-36536 | 2 Linux, Syncovery | 2 Linux Kernel, Syncovery | 2024-11-21 | 9.8 Critical |
| An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below allows attackers to escalate privileges via creating crafted session tokens. | ||||
| CVE-2022-34295 | 1 Totd Project | 1 Totd | 2024-11-21 | 6.5 Medium |
| totd before 1.5.3 does not properly randomize mesg IDs. | ||||
| CVE-2022-33707 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 5.3 Medium |
| Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. | ||||
| CVE-2022-32296 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056. | ||||
| CVE-2022-32284 | 1 Yokogawa | 2 Aw810d, Aw810d Firmware | 2024-11-21 | 7.5 High |
| Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. | ||||
| CVE-2022-30782 | 1 Openmoney Api Project | 1 Openmoney Api | 2024-11-21 | 7.5 High |
| Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers. | ||||