
968 matches found

SUSE CVE
added 2023/02/15 6:12 a.m. · 1 view

SUSE CVE-2007-2453

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on...

1.2 CVSS · 6.8 AI score · 0.00378 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 6:11 a.m. · 1 view

SUSE CVE-2007-3105

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing...

4.6 CVSS · 7 AI score · 0.00454 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 6:7 a.m. · 2 views

SUSE CVE-2008-3217

PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing...

6.8 CVSS · 6.9 AI score · 0.0181 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:33 a.m. · 2 views

SUSE CVE-2014-0017

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid...

1.9 CVSS · 6.2 AI score · 0.00356 EPSS
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 4:53 a.m. · 1 view

SUSE CVE-2016-10743

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random function call...

7.5 CVSS · 7 AI score · 0.02352 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:52 a.m. · 2 views

SUSE CVE-2017-3000

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure...

6.5 CVSS · 8.2 AI score · 0.08428 EPSS
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 4:42 a.m. · 3 views

SUSE CVE-2017-11671

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially...

4.8 CVSS · 6.9 AI score · 0.00442 EPSS
Exploits 0 · References 5
SUSE CVE
added 2023/02/15 4:19 a.m. · 3 views

SUSE CVE-2019-1549

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.9 CVSS · 6.7 AI score · 0.06232 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 3:51 a.m. · 1 view

SUSE CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

7.5 CVSS · 7.5 AI score · 0.01336 EPSS
Exploits 1 · References 7
Ivanti
added 2023/02/14 7:22 a.m. · 7 views

SA40136 - Pulse Secure product information about Dual_EC_DRBG

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Pulse Secure will use this document to comment on whether Dual Elliptic Curve Deterministic Random Bit Generator (aka Dual_EC_DRBG) is used by any Pulse Secure products. No Pulse Secure...

7.1 AI score
Exploits 0
Vulnrichment
added 2023/02/07 11:25 p.m. · 10 views

CVE-2023-24828 Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev

Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to...

8.1 CVSS · 8.3 AI score · 0.00713 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/01/20 12:0 a.m. · 3 views

PT-2023-13779 · Mitsubishi · Melsec Iq-F Series Fx5Uc-32Mr/Ds-Ts +4

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z versions 1.280 and prior; Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z versions 1.074 and prior; Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z...

9.1 CVSS · 9.1 AI score · 0.01182 EPSS
Exploits 0 · References 8
NVD
added 2023/01/02 8:15 a.m. · 16 views

CVE-2016-15006

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be...

5.3 CVSS · 4.7 AI score · 0.00758 EPSS
Exploits 0 · References 4
Prion
added 2023/01/02 8:15 a.m. · 16 views

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be...

5 CVSS · 7.1 AI score · 0.00758 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2023/01/02 7:59 a.m. · 24 views

CVE-2016-15006 enigmaX Scrambling Table main.c getSeed prng seed

A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be...

3.7 CVSS · 5.3 AI score · 0.00758 EPSS
Exploits 0 · References 4
CVE
added 2023/01/02 7:59 a.m. · 66 views

CVE-2016-15006

The CVE-2016-15006 vulnerability affects enigmaX up to version 2.2, specifically the getSeed function in Scrambling Table Handler (main.c). The issue causes a predictable PRNG seed, with remote attack potential. Exploitation is described as difficult, but a fix exists in version 2.3, with patch i...

5.3 CVSS · 4.8 AI score · 0.00758 EPSS
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/12/28 12:30 a.m. · 23 views

Golf may allow attacker to bypass CSRF protections due to weak PRNG

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...

8.8 CVSS · 8.4 AI score · 0.00382 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2022/12/27 10:15 p.m. · 12 views

CVE-2016-15005

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...

8.8 CVSS · 8.7 AI score
Exploits 0 · References 4
Prion
added 2022/12/27 10:15 p.m. · 9 views

Cross site request forgery (csrf)

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...

6.8 CVSS · 7.1 AI score · 0.00382 EPSS
Exploits 0 · References 4 · Affected Software 1
CVE
added 2022/12/27 9:13 p.m. · 68 views

CVE-2016-15005

CVE-2016-15005 affects the Go project github.com/dinever/golf. The root cause is CSRF tokens generated with math/rand, which is not cryptographically secure, allowing an attacker to predict token values and bypass CSRF protections with relatively few requests. Impact described across sources: CSR...

8.8 CVSS · 8.7 AI score · 0.00382 EPSS
Exploits 0 · References 4 · Affected Software 1