Monthly
Keylime verifier uses a hardcoded challenge nonce instead of cryptographically random values for TPM quote attestation, allowing local attackers with root access on enrolled machines to capture valid quotes and replay them to bypass detection after system compromise. The vulnerability affects only push-model deployments and requires root privileges on the monitored endpoint; exploitation enables information disclosure and system integrity evasion with CVSS 6.3 severity.
mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Keylime verifier uses a hardcoded challenge nonce instead of cryptographically random values for TPM quote attestation, allowing local attackers with root access on enrolled machines to capture valid quotes and replay them to bypass detection after system compromise. The vulnerability affects only push-model deployments and requires root privileges on the monitored endpoint; exploitation enables information disclosure and system integrity evasion with CVSS 6.3 severity.
mobile friendly marketing popups. versions up to 4.4.2. contains a security vulnerability (CVSS 5.3).
The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. [CVSS 4.0 MEDIUM]
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.