14 matches found
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time + userid * 5 - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + userid * 5 - 10000). An attacker who...
UBUNTU-CVE-2025-13402
RNP PKESK Session Keys Generated as All-Zero...
The vulnerability of the openpgpGenerateKeyRsa() function in the personalization utility for smart cards PKCS15-INIT is a flaw in the software and library tools used to work with OpenSC smart cards. This vulnerability allows a perpetrator to circumvent security restrictions and execute arbitrary code.
The vulnerability of the openpgpGenerateKeyRsa function in the personalization utility for smart cards, part of the software and library suite for working with OpenSC smart cards, stems from an operation that occurs outside the buffer in memory during key generation. Exploiting this vulnerability...
The vulnerability of the Simple Key-Management for Internet Protocol (SKIP) protocol implementation in the PDF viewer macro of the XWiki PDF Viewer (Pro) allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the SKIP protocol implementation in the PDF viewer macro of XWiki PDF Viewer Macro Pro relates to the improper generation of keys. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2023-26556
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...
Cisco Adaptive Security Appliances Software Security Feature Issue Vulnerability
Cisco Adaptive Security Appliances Software (ASA Software) is a set of firewall and network security platforms from the U.S. company Cisco. The platform provides features such as highly secure access to data and network resources. A security vulnerability exists in Cisco Adaptive Security...
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
golang: crypto/elliptic: incorrect operations on the P-224 curve
A flaw was detected in golang crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is to confidentiality and integrity...
The vulnerability of the RSA key generation algorithm in the OpenSSL library allows a hacker to recover the private key.
The vulnerability of the RSA key generation algorithm in the OpenSSL library is related to errors in cryptographic transformations. Exploiting this vulnerability could allow a malicious actor, operating remotely, to recover the secret key...
ALPINE-CVE-2017-2626
It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list...
USN-3628-1 openssl vulnerability
Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys...
Scientific Linux Security Update : ntp on 7.x x86_64 (2015:2231)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2015:2231-4 advisory. - The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field...
UBUNTU-CVE-2014-9293
The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...
alibaba.2.0.genkey.txt
Date: Fri, 21 May 1999 14:39:00 GMT From: [email protected] Chris Cowley Subject: Vulnerability in Windows SSL server and common browsers Some time ago, I downloaded a trial version of an SSL web server product for Windows NT called 'Alibaba 2.0' for evaluation as a possible SSL solution. I...