Lucene search

968 matches found

Cvelist
added 2014/12/28 3:0 p.m., 20 views

CVE-2014-5386

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single...

6.6 AI score, 0.01516 EPSS
Exploits: 0, References: 1

Huawei
added 2014/12/24 12:0 a.m., 31 views

Security Advisory-WPS PIN Offline Brute Force Cracking Vulnerability in Huawei Home Gateway Products

Some Huawei home gateways are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier’s solution is not random enough. As a result, brute force cracking the PIN code is easier. After an attacker cracks the PIN...

7.5 CVSS, 7.3 AI score, 0.00808 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2014/12/22 12:0 a.m., 53 views

FreeBSD : ntp -- multiple vulnerabilities (4033d826-87dd-11e4-9079-3c970e169bc2)

CERT reports: The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prio...

7.5 CVSS, 7.5 AI score, 0.7809 EPSS
Exploits: 4, References: 5

OSV
added 2014/12/20 1:51 p.m., 8 views

MGASA-2014-0541 Updated ntp packages fix security vulnerabilities

Updated ntp packages fix security vulnerabilities: If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated (CVE-2014-9293). ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys...

7.5 CVSS, 8 AI score, 0.7809 EPSS
Exploits: 4, References: 9

OSV
added 2014/12/20 2:59 a.m., 1 views

DEBIAN-CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

7.5 CVSS, 7.4 AI score, 0.12978 EPSS
Exploits: 1, References: 1

FreeBSD
added 2014/12/19 12:0 a.m., 54 views

ntp -- multiple vulnerabilities

CERT reports: The Network Time Protocol (NTP) provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and previous versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior...

7.5 CVSS, 7.8 AI score, 0.7809 EPSS
Exploits: 4, References: 1

Ubuntu
added 2014/10/22 8:44 p.m., 34 views

USN-2387-1: pollinate update

The pollinate package bundles the certificate for entropy.ubuntu.com. This update refreshes the certificate to match the one currently used on the server...

5.4 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2014/10/10 12:0 a.m., 12 views

OracleVM 3.2 : bash (OVMSA-2014-0019)

The remote OracleVM system is missing necessary patches to address critical security updates: - Check for fishy environment Resolves: 1141644 - Fixed a bug that caused trap handlers to be executed recursively, corrupting internal data structures. Resolves: 964753 - Don't include backup files...

5.5 AI score
Exploits: 0, References: 1

Prion
added 2014/09/18 10:55 a.m., 17 views

Design/Logic Flaw

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbe...

6.8 CVSS, 6 AI score, 0.01885 EPSS
Exploits: 0, References: 10, Affected Software: 2

CVE
added 2014/09/18 10:0 a.m., 69 views

CVE-2014-4422

CVE-2014-4422 concerns the Apple kernel hardening RNG used early in the boot process. The connected sources confirm that the issue allowed some RNG output to be inferable by user space, enabling bypass of kernel-hardening protections. A fix was applied by replacing the early-boot RNG with a crypt...

8.1 CVSS, 7.2 AI score, 0.01885 EPSS
Exploits: 0, References: 10, Affected Software: 1

Cvelist
added 2014/09/18 10:0 a.m., 27 views

CVE-2014-4422

The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbe...

7.1 AI score, 0.01885 EPSS
Exploits: 0, References: 10

ThreatPost
added 2014/09/02 11:55 a.m., 16 views

WPS Implementation Issue Exposes Wi-Fi Routers to Attack

A number of popular home and small office routers suffer from an implementation problem that could lead an experienced hacker down the road toward learning the devices’ eight-digit Wi-Fi Protected Setup (WPS) PINs in one guess. The attack, developed by Dominique Bongard, founder of 0xcite of...

0.7 AI score
Exploits: 0, References: 2

ThreatPost
added 2014/07/22 11:11 a.m., 11 views

Trio of Flaws Haunts OleumTech Wireless Monitoring System

Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors. Two of the three flaws are related to the encryption implementation in the affected products,...

1 AI score
Exploits: 0, References: 1

ThreatPost
added 2014/07/21 10:30 a.m., 6 views

EFF Releases Open Wireless Router Firmware

The EFF is working on an open wireless router firmware that’s designed to be a secure and flexible alternative to the existing software that runs on home and small business routers, much of which is notoriously insecure. The Open Wireless Router project, which the organization announced at the HO...

6.5 AI score
Exploits: 0, References: 5

ThreatPost
added 2014/07/16 8:25 a.m., 10 views

LibreSSL PRNG Vulnerability Patched

The OpenBSD project late last night rushed out a patch for a vulnerability in the LibreSSL pseudo random number generator (PRNG). The flaw was disclosed two days ago by the founder of secure backup company Opsmate, Andrew Ayer, who said the vulnerability was a “catastrophic failure of the PRNG.”...

7.2 AI score
Exploits: 0, References: 6

seebug.org
added 2014/07/01 12:0 a.m., 16 views

GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (1)

No description provided by source. source: http://www.securityfocus.com/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its pseudo-random number generator (PRNG) lacks entropy. Attackers may leverage this issue to obtain sensitive...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (2)

No description provided by source. source: http://www.securityfocus.com/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its pseudo-random number generator (PRNG) lacks entropy. Attackers may leverage this issue to obtain sensitive...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

ISC BIND 8 Remote Cache Poisoning Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/25459/info BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator. An attacker may leverage this issue to manipulate cache data, potentially facilitating...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 26 views

ISC BIND 8 Remote Cache Poisoning Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/25459/info BIND 8 is prone to a remote cache-poisoning vulnerability because of weaknesses in its random-number generator. An attacker may leverage this issue to manipulate cache data, potentially facilitating...

7.1 AI score
Exploits: 0

NVD
added 2014/05/26 7:55 p.m., 17 views

CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

5.8 CVSS, 5.9 AI score, 0.02093 EPSS
Exploits: 0, References: 22