Lucene search

968 matches found

Cvelist
added 2007/07/24 5:0 p.m. · 29 views

CVE-2007-2926

ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning...

7.5 AI score · 0.1309 EPSS
Exploits 0 · References 67
CVE
added 2007/07/24 5:0 p.m. · 160 views

CVE-2007-2926

CVE-2007-2926 affects ISC BIND 9.x up to 9.5.0a5, where the DNS query ID generator used during answering resolver questions or sending NOTIFY messages uses a weak RNG. This enables a remote attacker to more easily guess query IDs and poison caches. The issue is specific to outgoing queries from B...

4.3 CVSS · 7.4 AI score · 0.1309 EPSS
Exploits 0 · References 67 · Affected Software 1
Ubuntu
added 2007/07/19 1:57 p.m. · 123 views

USN-489-1: Linux kernel vulnerabilities

A flaw was discovered in dvb ULE decapsulation. A remote attacker could send a specially crafted message and cause a denial of service. CVE-2006-4623 The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. CVE-2006-7203...

7.8 CVSS · 5.8 AI score · 0.04012 EPSS
Exploits 16
Ubuntu
added 2007/07/18 10:57 p.m. · 81 views

USN-486-1: Linux kernel vulnerabilities

The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. CVE-2006-7203 The Omnikey CardMan 4040 driver cm4040_cs did not limit the size of buffers passed to read and write. A local attacker could exploit this to execute...

7.8 CVSS · 5.8 AI score · 0.05035 EPSS
Exploits 16
Tenable Nessus
added 2007/06/18 12:0 a.m. · 37 views

RHEL 5 : kernel (RHSA-2007:0376)

Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating system. These n...

4.9 CVSS · 5.4 AI score · 0.00479 EPSS
Exploits 0 · References 9
CentOS
added 2007/06/15 11:44 p.m. · 72 views

kernel security update

CentOS Errata and Security Advisory CESA-2007:0376 Updated kernel packages that fix security issues and bugs in the Red Hat Enterprise Linux 5 kernel are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles t...

4.9 CVSS · 5.8 AI score · 0.00479 EPSS
Exploits 0 · References 7
NVD
added 2007/06/11 11:30 p.m. · 16 views

CVE-2007-2453

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on...

1.2 CVSS · 6 AI score · 0.00378 EPSS
Exploits 0 · References 27
Prion
added 2007/06/11 10:30 p.m. · 9 views

Code injection

c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value...

7.5 CVSS · 6.8 AI score · 0.01402 EPSS
Exploits 0 · References 5 · Affected Software 1
securityvulns
added 2007/06/11 12:0 a.m. · 92 views

[USN-470-1] Linux kernel vulnerabilities

Ubuntu Security Notice USN-470-1 June 08, 2007 linux-source-2.6.20 vulnerabilities CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 A security issue affects the following Ubuntu...

5 CVSS · 7.4 AI score · 0.02098 EPSS
Exploits 0
Ubuntu
added 2007/06/08 10:32 p.m. · 76 views

USN-470-1: Linux kernel vulnerabilities

USN-464-1 fixed several vulnerabilities in the Linux kernel. Some additional code changes were accidentally included in the Feisty update which caused trouble for some people who were not using UUID-based filesystem mounts. These changes have been reverted. We apologize for the inconvenience. For...

5 CVSS · 5.5 AI score · 0.02098 EPSS
Exploits 0
Positive Technologies
added 2007/05/16 12:0 a.m. · 3 views

PT-2007-4043 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.7 PHP versions 5.0.x and earlier PHP versions prior to 5.2.1 Description: The issue affects the encryption process, making it easier for attackers to decrypt certain data due to guessable encryption keys. This is...

2.6 CVSS · 7.7 AI score · 0.0186 EPSS
Exploits 1 · References 14
securityvulns
added 2007/02/27 12:0 a.m. · 77 views

Mozilla Foundation Security Advisory 2007-05

Mozilla Foundation Security Advisory 2007-05 Title: XSS and local file access by opening blocked popups Impact: Moderate Announced: February 23, 2007 Reporter: shutdown, Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description shutdown...

6.8 CVSS · 8.5 AI score · 0.02494 EPSS
Exploits 1
NVD
added 2006/11/01 12:7 a.m. · 13 views

CVE-2006-5639

Unspecified vulnerability in the random number generator in OpenWBEM Web Based Enterprise Management 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."...

7.5 CVSS · 6.7 AI score · 0.01336 EPSS
Exploits 0 · References 5
CVE
added 2006/11/01 12:0 a.m. · 40 views

CVE-2006-5639

OpenWBEM 3.2.0 has an unspecified vulnerability in its random number generator that can enable privilege escalation via local or HTTP Digest authentication. Affected component: RNG in OpenWBEM. Impact aligns with CVSS base: HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P). No exploitation details or patch infor...

7.5 CVSS · 7 AI score · 0.01336 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2006/11/01 12:0 a.m. · 13 views

CVE-2006-5639

Unspecified vulnerability in the random number generator in OpenWBEM Web Based Enterprise Management 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."...

6.7 AI score · 0.01336 EPSS
Exploits 0 · References 5
Prion
added 2006/03/24 2:2 a.m. · 12 views

Design/Logic Flaw

PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand seed values an...

4.9 CVSS · 7 AI score · 0.00319 EPSS
Exploits 1 · References 5 · Affected Software 1
securityvulns
added 2006/03/24 12:0 a.m. · 31 views

PasswordSafe 3.0 weak random number generator allows key recovery attack

Title: PasswordSafe 3.0 weak random number generator allows key recovery attack. Date: March 23, 2006. Product: PasswordSafe 3.0. Discovered by: ElcomSoft Co.Ltd. Overview: PasswordSafe is a program originally written by...

0.4 AI score
Exploits 0
CVE
added 2006/03/14 7:0 p.m. · 38 views

CVE-2005-4730

Technical details (affected versions, impact, exploit info, and remediation) for CVE-2005-4730 are not publicly provided in the supplied documents. Monitor for updates.

10 CVSS · 7 AI score · 0.01379 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2006/03/14 7:0 p.m. · 14 views

CVE-2005-4730

Unspecified vulnerability in PEAR TextPassword 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds...

6.6 AI score · 0.01379 EPSS
Exploits 0 · References 2
NVD
added 2005/12/31 5:0 a.m. · 15 views

CVE-2005-4730

Unspecified vulnerability in PEAR TextPassword 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds...

10 CVSS · 6.6 AI score · 0.01379 EPSS
Exploits 0 · References 2