56 matches found
c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...
DEBIAN-CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...
libreoffice: Weak Master Keys
A flaw was found in LibreOffice, where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits. This issue makes the stored passwords that are encrypted with a single master key provided by the user vulnerable to a brute force attack if an attacker has access to...
AZL-41275 CVE-2021-4238 affecting package influxdb for versions less than 2.7.3-3
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
UBUNTU-CVE-2021-4238
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...
GoUtils 安全特征问题漏洞
GoUtils is Masterminds open source a library . It provides users with utility functions that manipulate strings in various ways. A security vulnerability exists in Masterminds goutils that stems from the fact that randomly generated alphanumeric strings contain much less entropy than expected, an...
UBUNTU-CVE-2022-26307
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...
DEBIAN-CVE-2020-28924
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
gcc: POWER9 "DARN" RNG intrinsic produces repeated output
The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...
ALPINE-CVE-2019-15847
The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...
UBUNTU-CVE-2019-15847
The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...
SA153: NSS Vulnerabilities Apr-May 2017
SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to two security vulnerabilities. A remote attacker can send empty SSLv2 messages and cause denial of service through application crashes. An attacker can also have unspecified impact by exploiting a...
Linux ASLR mmap weakness: Reducing entropy by half
A bug in Linux ASLR implementation has been found. The issue is that the mmap base address for processes is not properly randomized on some architectures due to an improper bit-mask manipulation. Affected systems have reduced the mmap area entropy of the processes by half. The number of possible...
PT-2013-1026 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.11.4 Description: The issue is related to an off-by-one error in the get prng bytes function, which affects the management of the state of consumed data. This makes it easier for attackers to defeat cryptograph...
DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities
Bulletin has no description...