
968 matches found

CNNVD
added 2021/08/10 12:0 a.m., 2 views

yii2 security features vulnerability

yii2 is a fast, secure and professional PHP framework. A security vulnerability exists in yii2 that stems from yii2's susceptibility to predictable algorithms in random number generators...

CVSS 8.1 | AI score 7.5 | EPSS 0.01902
Exploits 1 | References 2

CNNVD
added 2021/08/10 12:0 a.m., 2 views

yii2 security features vulnerability

yii2 is a fast, secure and professional PHP framework. A security vulnerability exists in yii2 that stems from yii2's susceptibility to predictable algorithms in random number generators...

CVSS 8.1 | AI score 6.8 | EPSS 0.017
Exploits 1 | References 3

NVD
added 2021/08/04 2:15 p.m., 14 views

CVE-2021-3678

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)...

CVSS 7.5 | EPSS 0.01064
Exploits 0 | References 2

CNNVD
added 2021/07/13 12:0 a.m., 3 views

Fortinet FortiMail security features vulnerability

Fortinet FortiMail is a set of e-mail security gateway products from the U.S. company Fortinet. The product provides email security and data protection features. A security features vulnerability exists in Fortinet FortiMail, which stems from the use of a weak pseudo-random number generator in the...

CVSS 7.5 | AI score 5.5 | EPSS 0.00284
Exploits 0 | References 4

Github Security Blog
added 2021/06/10 5:23 p.m., 73 views

Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 7.3 | EPSS 0.01336
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2021/06/09 7:10 p.m., 19 views

CVE-2021-0131

Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access...

AI score 6.5 | EPSS 0.0081
Exploits 0 | References 1

Krebs on Security
added 2021/06/07 1:35 p.m., 44 views

Adventures in Contacting the Russian FSB

KrebsOnSecurity recently had occasion to contact the Russian Federal Security Service (FSB), the Russian equivalent of the U.S. Federal Bureau of Investigation (FBI). In the process of doing so, I encountered a small snag: The FSB's website said in order to communicate with them securely, I needed to...

AI score 6.7
Exploits 0

Prion
added 2021/05/21 8:15 p.m., 29 views

Design/Logic Flaw

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...

CVSS 4.3 | AI score 6.5 | EPSS 0.95182
Exploits 27 | References 2

Cvelist
added 2021/05/21 7:23 p.m., 25 views

CVE-2008-3280

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not...

AI score 6.8 | EPSS 0.03951
Exploits 1 | References 2

OSV
added 2021/04/14 8:4 p.m., 20 views

GO-2020-0045 Cryptographically weak random number generation in github.com/dinever/golf

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests...

CVSS 8.8 | AI score 8.6 | EPSS 0.00382
Exploits 0 | References 3

OSV
added 2021/04/06 5:22 p.m., 15 views

GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session, though it should be generated on a per-message basis, which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

CVSS 5.3 | AI score 5.2 | EPSS 0.00489
Exploits 0 | References 4

Veracode
added 2021/03/29 3:56 a.m., 14 views

Insecure Random Number Generator

yapi-vendor uses an insecure random number generator. The JSON Web Token (JWT) signing secret generation allows recreation of other users' JWT tokens due to the usage of an insecure random number generator (Math.random)...

CVSS 5.1 | AI score 2.9 | EPSS 0.00338
Exploits 0 | References 4 | Affected Software 1

Ubuntu
added 2021/03/15 10:25 p.m., 18 views

USN-4842-1: ntopng vulnerability

It was discovered that ntopng did not properly seed its random number generator, leading to predictable session tokens. An attacker could use this vulnerability to hijack a user's session...

CVSS 8.1 | AI score 7.8 | EPSS 0.10675
Exploits 5

OSV
added 2021/02/18 4:15 a.m., 11 views

CVE-2021-27378

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

CVSS 9.8 | AI score 9.4
Exploits 0 | References 1

UbuntuCve
added 2021/02/18 4:15 a.m., 16 views

CVE-2021-27378

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

CVSS 9.8 | AI score 7.2 | EPSS 0.01243
Exploits 0 | References 2

CVE
added 2021/02/18 3:35 a.m., 108 views

CVE-2021-27378

The CVE-2021-27378 issue affects the rand_core crate prior to 0.6.2 for Rust. The root cause is mishandling in read_u32_into and read_u64_into that can lead to a random number generator being seeded with insufficient data, enabling an improper seed condition. Public references in the connected do...

CVSS 9.8 | AI score 9.3 | EPSS 0.01243
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2021/02/18 3:35 a.m., 17 views

CVE-2021-27378

An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data...

AI score 9.7 | EPSS 0.01243
Exploits 0 | References 1

OSV
added 2020/12/31 9:15 a.m., 4 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled...

CVSS 9.8 | AI score 7.3 | EPSS 0.01515
Exploits 0 | References 1

Prion
added 2020/12/31 9:15 a.m., 19 views

Integer overflow

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled...

CVSS 7.5 | AI score 9.4 | EPSS 0.01515
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/12/31 8:16 a.m., 31 views

CVE-2020-35926

An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled...

AI score 9.5 | EPSS 0.01515
Exploits 0 | References 1