1274 matches found

OSV
added 2020/04/03 1:15 p.m. · 1 views

DEBIAN-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4 CVSS · 6.8 AI score · 0.11487 EPSS
Exploits 0 · References 1
NVD
added 2020/04/03 1:15 p.m. · 15 views

CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4 CVSS · 7.3 AI score · 0.11487 EPSS
Exploits 0 · References 10
OSV
added 2020/04/03 1:15 p.m. · 1 views

UBUNTU-CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4 CVSS · 6.8 AI score · 0.11487 EPSS
Exploits 0 · References 5
Gentoo Linux
added 2020/04/02 12:0 a.m. · 33 views

GnuTLS: DTLS protocol regression

Background: GnuTLS is an Open Source implementation of the TLS and SSL protocols. Description: It was discovered that DTLS client did not contribute any randomness to the DTLS negotiation. Impact: Please review the referenced advisory for details. Workaround: There is no known workaround at this time...

2.6 AI score
Exploits 0
Tenable Nessus
added 2020/04/02 12:0 a.m. · 35 views

FreeBSD : GnuTLS -- flaw in DTLS protocol implementation (d887b3d9-7366-11ea-b81a-001cc0382b2f)

The GnuTLS project reports: It was found that GnuTLS 3.6.3 introduced a regression in the DTLS protocol implementation. This caused the DTLS client to not contribute any randomness to the DTLS negotiation breaking the security guarantees of the DTLS protocol. (C) Tenable Network Security, Inc. The...

7.4 CVSS · 6.7 AI score · 0.11487 EPSS
Exploits 0 · References 3
OSV
added 2020/02/28 9:15 p.m. · 2 views

CVE-2020-9449

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...

8.8 CVSS · 7.4 AI score
Exploits 0 · References 1
OSV
added 2020/02/28 3:15 p.m. · 6 views

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

7.5 CVSS · 7.4 AI score
Exploits 0 · References 7
OSV
added 2020/02/28 3:15 p.m. · 0 views

UBUNTU-CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand and random standard library functions without any preceding srand or srandom call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743...

7.5 CVSS · 7 AI score · 0.01405 EPSS
Exploits 1 · References 4
OSV
added 2020/01/30 9:15 p.m. · 10 views

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

7.5 CVSS · 7.7 AI score
Exploits 0 · References 8
UbuntuCve
added 2020/01/30 9:15 p.m. · 13 views

CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

7.5 CVSS · 7.1 AI score · 0.00338 EPSS
Exploits 0 · References 1
OSV
added 2020/01/30 9:15 p.m. · 1 views

UBUNTU-CVE-2015-8851

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing...

7.5 CVSS · 7.2 AI score · 0.00338 EPSS
Exploits 0 · References 2
OSV
added 2020/01/28 4:15 p.m. · 1 views

DEBIAN-CVE-2013-0294

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9 CVSS · 5.3 AI score · 0.01772 EPSS
Exploits 0 · References 1
PyPA
added 2020/01/28 4:15 p.m. · 4 views

PYSEC-2020-211

packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack...

5.9 CVSS · 6.5 AI score · 0.01772 EPSS
Exploits 0 · References 8 · Affected Software 1
OSV
added 2020/01/27 7:15 p.m. · 1 views

CVE-2018-19441

An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secretkey values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to...

4.7 CVSS · 5.8 AI score · 0.00112 EPSS
Exploits 0 · References 2
CVE
added 2020/01/27 6:33 p.m. · 48 views

CVE-2018-19441

The CVE-2018-19441 issue affects Neato Botvac Connected 2.2.0. The GenerateRobotPassword function in the NeatoCrypto library uses insufficiently random numbers for robot secret_key values used in local and cloud authentication/authorization. Entropy depends solely on the robot’s serial number (pr...

4.7 CVSS · 4.7 AI score · 0.00112 EPSS
Exploits 0 · References 2 · Affected Software 1
OpenVAS
added 2020/01/23 12:0 a.m. · 21 views

Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2018-1174)

The remote host is missing an update for the Huawei EulerOS...

4 CVSS · 4.7 AI score · 0.00081 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2020/01/20 12:0 a.m. · 1 views

The vulnerability of ViewPoint video terminals models 9630, 9650, and 9660 is related to the use of insufficiently random values, which allows attackers to disclose protected information.

The vulnerability of ViewPoint video terminals models 9630, 9650, and 9660 is related to the use of insufficiently random values. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...

7.5 CVSS · 0.00397 EPSS
Exploits 0 · References 3
Positive Technologies
added 2019/12/10 12:0 a.m. · 2 views

PT-2019-6750 · Openbsd · Openbsd

Name of the Vulnerable Software and Affected Versions: OpenBSD, affected versions not specified. Description: The issue concerns a problem in the random number generation functionality. Specifically, when the random number generator is seeded with 0, it returns 0. This behavior is observed in the...

9.8 CVSS · 6.9 AI score · 0.00914 EPSS
Exploits 0 · References 7
OSV
added 2019/11/29 8:15 p.m. · 2 views

CVE-2019-5232

There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak...

7.5 CVSS · 7.2 AI score
Exploits 0 · References 1
BDU FSTEC
added 2019/11/19 12:0 a.m. · 0 views

The vulnerability of the fork() function in the OpenSSL library, which allows a hacker to gain unauthorized access to protected information

The vulnerability of the fork function in the OpenSSL library is related to the use of insufficiently random values. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...

5.3 CVSS · 0.02629 EPSS
Exploits 0 · References 13 · Affected Software 21