56 matches found
EUVD-2024-52312
Malicious code in bioql PyPI...
EUVD-2022-7482
Malicious code in bioql PyPI...
EUVD-2025-27230
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.06 : gcc Vulnerability (NS-SA-2025-0227)
The remote NewStart CGSL host, running version MAIN 6.06, has gcc packages installed that are affected by a vulnerability: - The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy...
CVE-2025-59015
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...
TYPO3 CMS uses insufficient entropy when generating passwords
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...
CVE-2025-59015
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...
CVE-2025-59015 Insufficient Entropy in Password Generation
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...
CVE-2025-59015 Insufficient Entropy in Password Generation
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly...
PT-2025-36691
Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: A deterministic three-character prefix in the Password Generation component reduces entropy, potentially enabling attackers to expedite brute-for...
Linux Distros Unpatched Vulnerability : CVE-2019-15847
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing...
An Efficient Construction of Raz's Two-Source Randomness Extractor with Improved Parameters
Randomness extractors are algorithms that distill weak random sources into near-perfect random numbers. Two-source extractors enable this distillation process by combining two independent weak random sources. Raz's extractor STOC '05 was the first to achieve this in a setting where one source has...
Data Encryption Battlefield: a Deep Dive into the Dynamic Confrontations in Ransomware Attacks
In the rapidly evolving landscape of cybersecurity threats, ransomware represents a significant challenge. Attackers increasingly employ sophisticated encryption methods, such as entropy reduction through Base64 encoding, and partial or intermittent encryption to evade traditional detection...
CVE-2024-36400
nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nanoid::base62 and nanoid::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62...
CVE-2024-54143 openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...
GHSA-9HC7-6W9R-WJ94 Unable to generate the correct character set
Reduced entropy due to inadequate character set usage Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nanoid::base62 and nanoid::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the...
GHSA-2HFW-W739-P7X5 Duplicate Advisory: nano-id reduced entropy due to inadequate character set usage
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9hc7-6w9r-wj94. This link is maintained to preserve external references. Original Description Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the...
Reduced entropy due to inadequate character set usage
Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nanoid::base62 and nanoid::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...
c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...
c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...