Rust Security Feature Issue Vulnerabilities
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the nanorand crate before 0.5.1 for Rust in which any random number generator, even ChaCha, returns all zeros due to improper handling of integer truncation...
kernel: information exposure in drivers/char/random.c and kernel/time/timer.c
A flaw was found in the Linux kernel. The generation of the device ID from the network RNG internal state is predictable. The highest threat from this vulnerability is to data confidentiality...
RUSTSEC-2020-0089 nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers
In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an "as" conversion. This often manifested as RNGs returning nothing but 0, including the...
Insecure Cryptography
rclone is vulnerable to insecure cryptography. The vulnerability exists due to the use of an insecure random number generator which produces insecure passwords with much less entropy than advertised...
CVE-2020-28924
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
Design/Logic Flaw
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
CVE-2020-28924
CVE-2020-28924 affects rclone prior to 1.53.3. The issue stems from using a weak random number generator in the password generator, producing low-entropy passwords deterministically tied to the startup time. Attack surface includes encryption in the crypt backend, enabling potential password gues...
Information disclosure
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information...
CVE-2020-10256
An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...
CVE-2020-10256
CVE-2020-10256 affects the 1Password command-line tool (versions prior to 0.5.5) and the 1Password SCIM bridge (versions prior to 0.7.3). The root cause is an insecure random number generator used to generate keys, enabling an attacker with access to encrypted data to perform brute-force calculat...
Debian DLA-2385-1 : linux-4.19 security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, or information leak. CVE-2019-3874 Kernel buffers allocated by the SCTP network protocol were not limited by the memory cgroup controller. A local user could potentially us...
Information Disclosure
OpenSSL is vulnerable to information disclosure. A rewritten random number generator (RNG) was intended to include protection in the event of a fork system call, in order to ensure that the parent and child processes did not share the same RNG state, but this protection was not being used in the default case...
Matt Blaze on OTP Radio Stations
Matt Blaze discusses (also here) an interesting mystery about a Cuban one-time-pad radio station, and a random number generator error that probably helped arrest a pair of Russian spies in the US...
Linux kernel information disclosure vulnerability (CNVD-2020-44611)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel 5.7.11 and earlier versions. A remote attacker could exploit the vulnerability to obtain sensitive information about th...
Medium: openssl11
Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...
Special Register Buffer speculative side channel
ISSUE DESCRIPTION: This issue is related to the MDS and TAA vulnerabilities. Please see https://xenbits.xen.org/xsa/advisory-297.html (MDS) and https://xenbits.xen.org/xsa/advisory-305.html (TAA) for details. Certain processor operations microarchitecturally need to read data from outside the physical...
Unspecified Vulnerability in Elastic Cloud on Kubernetes
Elasticsearch is an open source, distributed RESTful search engine built on Lucene by the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing via HTTP using JSON. Elastic Cloud on Kubernetes versions before 1.1.0 contain a security...