968 matches found
CVE-2024-1579
The CVE concerns Secomea GateManager, specifically the Webserver modules, with an underlying flaw in the PRNG seeding. The root cause is Incorrect Usage of Seeds in the PRNG, which can lead to session hijacking. Affected/version info: GateManager before 11.2.624071020. Documented impact indicates...
PT-2024-20913 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread versions through 5.0.2 Description: The issue is related to a weak random number generation algorithm used in RT-Thread. The algorithm, defined as seed = 214013L * seed + 2531011L; return (seed >> 16) & 0x7FFF;, is implemented in the calc...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a buffer overflow in crypto qcom-rng...
PT-2024-19442 · Gecko Sdk · Gecko Sdk
Name of the Vulnerable Software and Affected Versions: Gecko SDK versions through 4.4.0 Description: The issue arises from the use of a True Random Number Generator (TRNG) before its initialization by the ECDSA signing driver when exiting low-power modes EM2/EM3 on Virtual Secure Vault (VSE) devices...
EulerOS 2.0 SP11 : c-ares (EulerOS-SA-2023-2828)
According to the versions of the c-ares package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as...
Weak 2FA Code Generation
Fides is vulnerable to Weak Code Generation. The vulnerability is due to the use of the Python random module, which is considered a cryptographically weak pseudo-random number generator, to generate one-time codes in the Privacy and Consent request process. This issue allows an...
IXP Data EasyInstall Security Feature Issue Vulnerability
IXP Data EasyInstall is a remote management and deployment suite from IXP Data. A security vulnerability exists in IXP Data EasyInstall version 6.6.148840. A remote attacker exploited the vulnerability to escalate privileges via PRNG...
PT-2023-21346 · Unknown · Ixp Data Easy Install
Name of the Vulnerable Software and Affected Versions: IXP Data Easy Install version 6.6.148840 Description: An issue in IXP Data Easy Install allows a remote attacker to escalate privileges via an insecure Pseudo-Random Number Generator (PRNG). Recommendations: For IXP Data Easy Install version...
New Admin Takeover Vulnerability Exposed in Synology's DiskStation Manager
A medium-severity flaw has been discovered in Synology's DiskStation Manager (DSM) that could be exploited to decipher an administrator's password and remotely hijack the account. "Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number...
PT-2023-32941 · Cocoon · Cocoon
Name of the Vulnerable Software and Affected Versions: cocoon versions prior to 0.4.0 Description: The issue is related to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new...
The vulnerability of the PHP programming language, related to the use of insufficiently random values, allows attackers to gain access to confidential data.
The vulnerability of the PHP programming language lies in the use of a random number generator that operates within a narrow range of values. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
Oracle Linux 8 : gcc (ELSA-2020-1864)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1864 advisory. - CVE-2018-12207 / Intel SKX102 OL8 gcc: Intel Mitigation for CVE: CVE-2018-12207 Tenable has extracted the preceding description block directly from the Oracle...
CVE-2023-4695
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
Code injection
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
CVE-2023-4695 Use of Predictable Algorithm in Random Number Generator in pkp/pkp-lib
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
PT-2023-30268 · Public Knowledge · Pkp-Lib
Name of the Vulnerable Software and Affected Versions: pkp-lib versions prior to 3.3.0-16 Description: The issue concerns the use of a predictable algorithm in the random number generator. Recommendations: For versions prior to 3.3.0-16, update to version 3.3.0-16 or later to resolve the issue...
Account takeover via password reset
Description: An attacker could predict all future password reset tokens due to the use of RandomStringUtils.randomAlphanumeric in PasswordService. An attacker could crack the random number generator (RNG) seed from a password reset token, then perform password resets on their and the victim’s...
Broadcom RAID Controller Security Feature Issue Vulnerability
The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation USA. A security vulnerability exists in the Broadcom RAID Controller that stems from incorrect use of ssl.rnd to set up a CIM connection, which makes the web interface susceptible to insufficient randomization...
Cryptographic Flaw in Libbitcoin Explorer Cryptocurrency Wallet
Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild. EDITED TO ADD (8/14): A good explainer...