Lucene search

968 matches found

UbuntuCve
added 2020/06/03 6:15 p.m., 23 views

CVE-2020-7010

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK...

7.5 CVSS, 7.1 AI score, 0.01439 EPSS
Exploits 0, References 2

Vulnrichment
added 2020/06/03 5:55 p.m., 11 views

CVE-2020-7010

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK...

6.9 AI score, 0.01439 EPSS
Exploits 0, References 1

Cvelist
added 2020/06/03 4:23 p.m., 26 views

CVE-2020-13784

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator...

7.6 AI score, 0.01296 EPSS
Exploits 1, References 2

Tenable Nessus
added 2020/05/29 12:0 a.m., 54 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-4376-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4376-1 advisory. Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL...

5.3 CVSS, 6.7 AI score, 0.14298 EPSS
Exploits 0, References 5

OpenVAS
added 2020/05/29 12:0 a.m., 36 views

Ubuntu: Security Advisory (USN-4376-1)

The remote host is missing an update for the...

5.3 CVSS, 6.3 AI score, 0.14298 EPSS
Exploits 0, References 2

OSV
added 2020/05/28 12:7 p.m., 1 views

USN-4376-1 openssl vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

5.3 CVSS, 7.2 AI score, 0.14298 EPSS
Exploits 0, References 5

NVD
added 2020/05/08 8:15 p.m., 14 views

CVE-2020-6616

Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8...

6.5 CVSS, 6.6 AI score, 0.0073 EPSS
Exploits 2, References 10

OSV
added 2020/05/05 10:15 p.m., 0 views

UBUNTU-CVE-2020-11035

In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens are generated using an insecure algorithm. The implementation uses rand and uniqid and MD5 which does not provide secure values. This is fixed in version 9.4.6...

9.3 CVSS, 7.3 AI score, 0.00782 EPSS
Exploits 0, References 3

Veracode
added 2020/04/29 4:26 a.m., 16 views

Insecure Random Number Generator

github.com/elastic/cloud-on-k8s uses an insecure random number generator. Passwords are generated using an insecure random number generator, which would allow an attacker to easily brute-force and discover the Elasticsearch credentials generated by ECK...

7.5 CVSS, 2.7 AI score, 0.01439 EPSS
Exploits 0, References 2, Affected Software 1

RedHat Linux
added 2020/04/28 3:57 p.m., 0 views

gcc: POWER9 "DARN" RNG intrinsic produces repeated output

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS, 7.4 AI score, 0.03207 EPSS
Exploits 0, References 5

RedHat Linux
added 2020/04/28 3:52 p.m., 1 views

openssl: information disclosure in fork()

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.3 CVSS, 6.7 AI score, 0.06232 EPSS
Exploits 0, References 4

Veracode
added 2020/04/10 12:53 a.m., 89 views

Insecure Randomness

php is vulnerable to insecure randomness. It was discovered that the PHP lcg_value() function used insufficient entropy to seed the pseudo-random number generator. A remote attacker could possibly use this flaw to predict values returned by the function, which are used to genera...

6.4 CVSS, 3.2 AI score, 0.07873 EPSS
Exploits 1, References 10, Affected Software 1

Veracode
added 2020/04/10 12:18 a.m., 34 views

Information Disclosure

kernel is vulnerable to information disclosure. The vulnerability exists as a bug in the random number generator that prevented the manual seeding of the entropy pool...

1.2 CVSS, 1.2 AI score, 0.00378 EPSS
Exploits 0, References 29, Affected Software 1

RedHat Linux
added 2020/04/06 7:28 p.m., 1 views

openssl: information disclosure in fork()

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.3 CVSS, 6.7 AI score, 0.06232 EPSS
Exploits 0, References 4

RedHat Linux
added 2020/04/06 7:9 p.m., 1 views

openssl: information disclosure in fork()

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...

5.3 CVSS, 6.7 AI score, 0.06232 EPSS
Exploits 0, References 4

Tenable Nessus
added 2020/04/02 12:0 a.m., 55 views

EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1367)

According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - qemu-kvm is an open source virtualizer that provides hardware emulation for the KVM hypervisor. qemu-kvm acts as a...

7.5 CVSS, 6.7 AI score, 0.03355 EPSS
Exploits 1, References 10

OSV
added 2020/03/31 7:23 a.m., 8 views

SUSE-SU-2020:0818-1 Security update for cloud-init

This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic random number generator with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936)...

5.5 CVSS, 5.8 AI score, 0.00438 EPSS
Exploits 0, References 6

OSV
added 2020/03/28 11:18 p.m., 6 views

OPENSUSE-SU-2020:0400-1 Security update for cloud-init

This update for cloud-init fixes the following security issues: - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG with the system RNG (bsc#1162937). - CVE-2020-8632: Increased the default random password length from 9 to 20 (bsc#1162936). This update was imported from the...

5.5 CVSS, 6 AI score, 0.00438 EPSS
Exploits 0, References 6

RedHat Linux
added 2020/03/23 11:58 a.m., 3 views

gcc: POWER9 "DARN" RNG intrinsic produces repeated output

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single...

7.5 CVSS, 7.4 AI score, 0.03207 EPSS
Exploits 0, References 5

Fedora
added 2020/03/19 1:45 a.m., 22 views

[SECURITY] Fedora 31 Update: nethack-3.6.6-1.fc31

NetHack is a single player dungeon exploration game that runs on a wide variety of computer systems, with a variety of graphical and text interfaces all using the same game engine. Unlike many other Dungeons & Dragons-inspired games, the emphasis in NetHack is on discovering the detail of the...

1.8 AI score
Exploits 0