Denial Of Service (DoS)

Linux kernel is vulnerable to denial of service DoS attacks. The vulnerability exists in the Linux kernel's random number generator API. Attackers could cause a denial of service because of a null pointer dereference in the rngapireset function...

PT-2019-6812 · Chicken +1 · Chicken +1

Name of the Vulnerable Software and Affected Versions: Chicken versions prior to 4.8.0 Description: A casting error caused the random number generator to return a constant value on 64-bit platforms. The vendor notes that this function was not used for security purposes and is advertised as being...

EulerOS Virtualization 3.0.1.0 : libgcrypt (EulerOS-SA-2019-1448)

According to the version of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A design flaw was found in the libgcrypt PRNG Pseudo-Random Number Generator. An attacker able to obtain the first 580 bytes of th...

Siemens SIMATIC S7-1200 PLCs < 4.0 Random Number Generator Insufficient Entropy

Binary data 720193.prm...

Siemens SIMATIC S7-1500 PLCs < 1.5 Random Number Generator Insufficient Entropy

Binary data 720194.prm...

Weak Random Number Generator

Ubuntu has a weak random number generator. OpenSSL generates insufficiently random numbers allowing remote authenticated attackers to impact confidentiality, Integrity and availability...

Insecure Random Number Generator

gcc is vulnerable to insecure random number generator attacks. The vulnerability exists under certain circumstances, the ix86expandbuiltin function in i386.c in GNU Compiler Collection GCC version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber...

PHP 7.0.x < 7.0.1 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.1. It is, therefore, affected by multiple vulnerabilities : - A use-after-free error exists in the collatorsortwithsortkeys function due to improper clearing of pointers when destroying an array. An...

GHSA-V6WR-FCH2-VM5W OrientDB Server Community Edition uses insufficiently random values to generate session IDs

OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by...

CVE-2018-11291

In Snapdragon Automobile, Mobile, Wear in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD...

Code injection

In Snapdragon Automobile, Mobile, Wear in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD...

CVE-2018-11291

In Snapdragon Automobile, Mobile, Wear in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD...

CVE-2018-11291

CVE-2018-11291 affects Qualcomm Snapdragon and related IPs (e.g., IPQ8074, MDM9xxx, QCA family, SD/MOD platforms) with a cryptographic RNG that is not strong enough. The issue is described in the CVE as cryptographic issues due to weak randomness in NAN, affecting listed Snapdragon/SoC families. ...

CVE-2018-5837

The CVE-2018-5837 entry concerns Snapdragon SoCs (IPQ8074, MDM9xxx, SD series, etc.) where MAC address randomization during probe requests is compromised by a flawed RNG that outputs repeating values far sooner than expected. The description covers the affected devices and the root cause, but the...

Design/Logic Flaw

Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. A random number generator is used in Akka Remoting for TLS both classic and Artery Remoting. Akka allows configuration of custom random number generators. For historical reasons, Akka included t...

Attack on Pseudo-random number generator (PRNG) used in 1000 Guess, an Ethereum lottery game. (CVE-2018–12454)

Abstract An Ethereum lottery game, 1000 Guess, has a vulnerability that it generates random numbers predictable by anyone. This game decides a winner by a random number when the number of players who bet on the contract reaches to the predetermined number. The contract generates the random number...

Micali-Schnorr Generator (MS-DRBG) Part III - Zero Knowledge Proof Wanted!!

See also Part I and Part II of this series This is going to be a short blog post about the infamous Micali-Schnorr Random Number Generator MS-DRBG. See Part I and Part II of this series for more information about this topic. WHO: NIST published the specification for Micali-Schnorr Random Number...

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on the upstream 4.14.44 and fixes at least the following security issues: The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial...

The vulnerability of the mechanism for handling errors during the establishment of SSL connections for Qualcomm’s Android operating system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the error handling mechanism for establishing SSL connections in Qualcomm’s Android operating system is related to improper error handling of errors returned by the RNG function. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality,...

CenoCipher - Easy-To-Use, End-To-End Crypto-Communication Tool

CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, suc...