Lucene search
K

56 matches found

RedHat Linux
RedHat Linux
added 2023/07/12 8:17 a.m.4 views

c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation

A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand, which could allow an attacker to utilize the lack of entropy by no...

3.7CVSS7.2AI score0.00936EPSS
Exploits0References5
OSV
OSV
added 2023/05/25 10:15 p.m.1 views

DEBIAN-CVE-2023-31124

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARESRANDOMFILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand as a fallback which could allow an attacker to take advantage of the lack ...

3.7CVSS6.2AI score0.00936EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/01/12 9:18 a.m.6 views

libreoffice: Weak Master Keys

A flaw was found in LibreOffice, where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits. This issue makes the stored passwords that are encrypted with a single master key provided by the user vulnerable to a brute force attack if an attacker has access to...

8.8CVSS5.7AI score0.01139EPSS
Exploits0References4
OSV
OSV
added 2022/12/27 10:15 p.m.7 views

AZL-41275 CVE-2021-4238 affecting package influxdb for versions less than 2.7.3-3

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

9.1CVSS7.1AI score0.01319EPSS
Exploits1References1
OSV
OSV
added 2022/12/27 10:15 p.m.1 views

UBUNTU-CVE-2021-4238

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

9.1CVSS7.1AI score0.01319EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/12/27 9:13 p.m.9 views

CVE-2021-4238 Insufficient randomness in github.com/Masterminds/goutils

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by...

9.2AI score0.01319EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/12/27 12:0 a.m.60 views

GoUtils 安全特征问题漏洞

GoUtils is Masterminds open source a library . It provides users with utility functions that manipulate strings in various ways. A security vulnerability exists in Masterminds goutils that stems from the fact that randomly generated alphanumeric strings contain much less entropy than expected, an...

9.1CVSS7.2AI score0.01319EPSS
Exploits1References17
OSV
OSV
added 2022/07/25 3:15 p.m.7 views

UBUNTU-CVE-2022-26307

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 t...

8.8CVSS7.3AI score0.01139EPSS
Exploits0References5
OSV
OSV
added 2020/11/19 8:15 p.m.3 views

DEBIAN-CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5CVSS7.2AI score0.01336EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/05/26 10:45 a.m.4 views

gcc: POWER9 "DARN" RNG intrinsic produces repeated output

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5CVSS7.4AI score0.03207EPSS
Exploits0References5
OSV
OSV
added 2019/09/02 11:15 p.m.2 views

ALPINE-CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5CVSS7AI score0.03207EPSS
Exploits0References1
OSV
OSV
added 2019/09/02 11:15 p.m.2 views

UBUNTU-CVE-2019-15847

The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimize multiple calls of the builtindarn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5CVSS7.4AI score0.03207EPSS
Exploits0References4
Symantec
Symantec
added 2017/07/13 8:0 a.m.52 views

SA153: NSS Vulnerabilities Apr-May 2017

SUMMARY Symantec Network Protection products using affected versions of NSS are susceptible to two security vulnerabilities. A remote attacker can send empty SSLv2 messages and cause denial of service through application crashes. An attacker can also have unspecified impact by exploiting a...

5CVSS1.2AI score0.04302EPSS
Exploits0Affected Software10
securityvulns
securityvulns
added 2015/05/05 12:0 a.m.59 views

Linux ASLR mmap weakness: Reducing entropy by half

A bug in Linux ASLR implementation has been found. The issue is that the mmap base address for processes is not properly randomized on some architectures due to an improper bit-mask manipulation. Affected systems have reduced the mmap area entropy of the processes by half. The number of possible...

Exploits0
Positive Technologies
Positive Technologies
added 2013/10/10 12:0 a.m.2 views

PT-2013-1026 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 3.11.4 Description: The issue is related to an off-by-one error in the get prng bytes function, which affects the management of the state of consumed data. This makes it easier for attackers to defeat cryptograph...

9.3CVSS7.2AI score0.14806EPSS
Exploits66References386
OSV
OSV
added 2008/03/06 12:0 a.m.72 views

DSA-1503-2 kernel-source-2.4.27 - several vulnerabilities

Bulletin has no description...

7.8CVSS6.8AI score0.05605EPSS
Exploits9
Rows per page
Query Builder