Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2001-0950

EPSS 1.63% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2001-0950

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ValiCert Enterprise Validation Authority for Solaris弱随机设备漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3到4.2.1版本使用不足的随机数据(1)在使用C rand函数时产生HSMs会话标识符或者(2)在使用/dev/urandom代替联合信息熵低的块的其他源时产生证书或者密钥。本地或者远程攻击者能更容易借助强力猜测偷窃标识符或者证书。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2001-0950

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2001-0950

登录查看更多情报信息。

Same Patch Batch · n/a · 2002-02-02 · 110 CVEs total

CVE-2001-1005Starfish TrueSync Desktop密码泄露漏洞
CVE-2001-1025PHP-Nuke远程SQL查询篡改 漏洞
CVE-2001-1024Entrust getAccess login.gas.bat和CGI脚本Java程序执行漏洞
CVE-2001-1023Xcache路径泄露漏洞
CVE-2001-1021Progress Software Ipswitch WS_FTP Server 安全漏洞
CVE-2001-1019SeaGlass Technologies sglMerchant 目录遍历漏洞
CVE-2001-1018Lotus Domino内部IP地址泄露漏洞
CVE-2001-1015Snes9x本地缓冲区溢出漏洞
CVE-2001-1014WebDiscount E-Shop 远程任意命令执行漏洞
CVE-2001-1013Red Hat Linux Apache 远程列举用户名漏洞
CVE-2001-1012screen漏洞
CVE-2001-1009Fetchmail POP3证书索引签名回复漏洞
CVE-2001-1007REX 5000 PDA Starfish Truesync Desktop密钥泄露漏洞
CVE-2001-1006Starfish TrueSync Desktop不能保护数据漏洞
CVE-2001-0989Richard Everitt Pileup缓冲区溢出漏洞
CVE-2001-0992ShopPlus shopping cart shopplus.cgi漏洞
CVE-2001-0991Proxomitron跨站脚本攻击漏洞
CVE-2001-0990Inter7 vpopmail MySQL 认证数据恢复漏洞
CVE-2001-0994Marconi ForeThought 7.1 Telnet 管理拒绝服务漏洞
CVE-2001-0988Arkeia Backup全域可读文件创建漏洞

Showing top 20 of 110 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2001-0950

No comments yet

Leave a comment