Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10603 | 2025-02-24 | N/A | N/A | ||
| Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances. | |||||
| CVE-2025-0218 | 1 Pgadmin | 1 Pgagent | 2025-02-11 | N/A | 5.5 MEDIUM |
| When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. | |||||
| CVE-2024-12034 | 2024-12-24 | N/A | 5.3 MEDIUM | ||
| The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts | |||||
| CVE-2024-28957 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device. | |||||
| CVE-2024-52299 | 1 Xwiki | 1 Pdf Viewer Macro | 2024-11-18 | N/A | 7.5 HIGH |
| macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6. | |||||
| CVE-2024-47945 | 1 Rittal | 4 Cmc Iii Processing Units, Cmc Iii Processing Units Firmware, Iot Interface and 1 more | 2024-10-21 | N/A | 9.8 CRITICAL |
| The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. The session IDs are predictable, with only 32,768 possible values per user, which allows attackers to pre-generate valid session IDs, leading to unauthorized access to user sessions. This is not only due to the use of an (insecure) rand() function call but also because of missing initialization via srand(). As a result only the PIDs are effectively used as seed. | |||||
| CVE-2024-7558 | 2024-10-04 | N/A | 8.7 HIGH | ||
| JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm. | |||||