Search
Search Results (45 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14647 | 6 Canonical, Debian, Fedoraproject and 3 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-11-21 | 7.5 High |
| Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | ||||
| CVE-2018-12520 | 1 Ntop | 1 Ntopng | 2024-11-21 | 8.1 High |
| An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. | ||||
| CVE-2018-12384 | 2 Mozilla, Redhat | 2 Network Security Services, Enterprise Linux | 2024-11-21 | N/A |
| When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. | ||||
| CVE-2016-3735 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.1 High |
| Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset. | ||||
| CVE-2012-1577 | 3 Debian, Dietlibc Project, Openbsd | 3 Debian Linux, Dietlibc, Openbsd | 2024-11-21 | 9.8 Critical |
| lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | ||||