968 matches found
IBM Worklight and Mobile Foundation Weak Password Vulnerability
IBM Worklight and Mobile Foundation are both products of IBM Corporation in the U.S. IBM Worklight is a suite of integrated development environments (IDEs) for developing, testing, running, and managing mobile applications. Mobile Foundation is a suite of software for rapidly creating mobile and...
kernel: Null pointer dereference in rngapi_reset function
A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system...
CVE-2018-9057
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password...
OracleVM 3.3 : dhcp (OVMSA-2018-0024)
The remote OracleVM system is missing necessary patches to address critical security updates : - Added oracle-errwarn-message.patch - Resolves: 1550085 - CVE-2018-5733 Avoid reference overflow 12:4.1.1-53.P1.2 - Resolves: 1550083 - CVE-2018-5732 Avoid options buffer overflow - Resolves: 1063217 -...
Insecure Number Generator
github.com/markbates/goth is vulnerable to insecure number generator. The SetState function in gothic.go uses math/rand which is a weak random number generator and not robust enough to withstand a cryptographic attack against it...
Encryption 101: ShiOne ransomware case study
In part one of this series, Encryption 101: a malware analyst's primer, we introduced some of the basic encryption concepts used in malware. If you haven't read it, we suggest going back for a review, as it's necessary in order to be able to fully follow part two, our case study. In this study, w...
CVE-2017-15116
A flaw was found in the Linux kernel's random number generator API. A null pointer dereference in the rngapi_reset function may result in denial of service, crashing the system...
SMA Solar Technology inverter access control error vulnerability (CNVD-2017-27841)
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. An access control error vulnerability exists in the SMA Solar Technology inverter. An attacker could use this vulnerability to change the system time, affecting the timestamp-based locking policy and the random numb...
HAB vulnerability analysis for NXP i.MX microprocessors - vulnerability warning - the black bar safety net
1. Foreword: The Secure Boot feature of the i.MX series application processors produced by NXP Semiconductors contains two vulnerabilities, found by two Quarkslab researchers, Guillaume Delugré and Kévin Szkudłapski. This article on the two vulnerabilit...
CVE-2017-11519
TP-Link Archer C9(UN)_V2_160517 is affected by CVE-2017-11519 due to a predictable RNG seed in passwd_recovery.lua, enabling an attacker to reset the admin password over the network. The issue is fixed in firmware C9(UN)_V2_170511. If exploited, impact is administrator password reset; CVSS metric...
RHEL 7 : qemu-kvm-rhev (RHSA-2017:1431)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1431 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the...
Important: Red Hat Security Advisory: qemu-kvm-rhev security and bug fix update
An update for qemu-kvm-rhev is now available for RHEV 3.X Hypervisor and Agents for RHEL-7 and RHEV 4.X RHEV-H and Agents for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Updated libxslt packages fix security vulnerability
The libxslt library failed to seed its random number generator, resulting in predictable random values (CVE-2015-9019)...
MGASA-2017-0169 Updated libxslt packages fix security vulnerability
The libxslt library failed to seed its random number generator, resulting in predictable random values (CVE-2015-9019)...
EulerOS 2.0 SP1 : libgcrypt (EulerOS-SA-2016-1081)
According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output...
USN-3260-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the address bar contents or other UI elements, escape the sandbox to...
Huawei WS318 Design Vulnerability
Huawei WS318 is a wireless router product from Huawei China. A security vulnerability exists in Huawei WS318 V100R001C01B022 and prior versions, which stems from insufficient randomness in the random number generator (RNG) in the vendor solution used by the product. The vulnerability can be exploit...
CVE-2014-9690
Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not random enough. As a result, brute force cracking the...
CVE-2014-9690
CVE-2014-9690 affects Huawei WS318 home gateways (software versions including V100R001C01B022 and earlier). The underlying issue is an insufficiently random RNG used by the vendor’s WPS implementation, enabling offline PIN brute-forcing. Exploitation allows an attacker to crack the WPS PIN and ga...